US Pat. No. 10,142,412

MULTI-THREAD PROCESSING OF SEARCH RESPONSES

Splunk Inc., San Francis...

1. A method, comprising:
transmitting, by a computer system, a search request to a plurality of search peers of a data aggregation and analysis system;
receiving a plurality of data packets from the plurality of search peers;
parsing, by a first processing thread of the computer system, one or more data packets of the plurality of data packets, to produce a partial response to the search request; and
processing, by a second processing thread of the computer system, the partial response to produce a memory data structure representing an aggregated response to the search request.

US Pat. No. 10,142,411

DYNAMIC SWARM SEGMENTATION

Microsoft Technology Lice...

1. A system configured to identify peers for a plurality of clients to facilitate obtaining updates for the plurality of clients, the system comprising:
one or more processors;
one or more computer-readable media coupled to the one or more processors;
wherein the one or more processors and one or more computer-readable media are configured to implement a peer determination service, wherein the peer determination service is configured to:
identify a dataset associated with the plurality of clients, the dataset comprising a plurality of byte ranges;
identify, for each given client of the plurality of clients, one or more byte ranges of the plurality of byte ranges of the dataset that each given client has already obtained;
identify, for each given client of the plurality of clients, one or more byte ranges of the plurality of byte ranges of the data set that each given client needs to obtain; and
based on the identification of byte ranges, organize the plurality of clients into a plurality of groups, each group both including one or more clients and corresponding to a different node of a hierarchical graph, each given node being associated with one or more byte ranges of the plurality of byte ranges of the dataset, such that each client of a group corresponding to the given node has already obtained or needs to obtain at least one byte range of the one or more byte ranges associated with the given node, at least one client of each group being configured to act as a peer to other clients of the group, the hierarchical graph comprising a plurality of nodes that range from one or more nodes having a smallest number of byte ranges to one or more nodes having a largest number of byte ranges, such that the hierarchical graph can be traversed from the one or more nodes having the smallest number of byte ranges to the one or more nodes having the largest number of byte ranges.

US Pat. No. 10,142,410

MULTI-MODE REMOTE COLLABORATION

Raytheon Company, Waltha...

1. A method for providing information for a collaboration between a remote communication device and a device connected to an internal network, the method comprising:
determining a location of the remote communication device by at least one of a global positioning system (GPS), low frequency (LF) atomic time radio, earth magnetic signature, internet protocol (IP) address, and cell phone tower triangulation;
identifying regulations regarding communication from the internal network to the remote device based on the determined location and a location of the internal network;
identifying a bandwidth of a remote network, different from the internal network, to which the remote communication device is connected, the remote network communicatively accessible by the internal network;
estimating a battery life of the remote device and an amount of time the remote device can communicate with the device of the internal network using each of voice over internet protocol (VOIP) communication, hypertext transfer protocol (HTTP) communication, text communication, voice communication, video communication, and augmented reality communication;
selecting, based on the estimated battery life and the amount of time the remote device can communicate, a communication protocol including one of VOIP communication, HTTP communication, text communication, voice communication, video communication, and augmented reality communication;
configuring the remote device to transmit and receive communications in a manner compliant with the identified regulations and the selected communication protocol; and
transmitting VOIP communications, HTTP communications, text communications, voice communications, video communications, or augmented reality communications to the remote device based on the selected communication protocol, the estimated battery life and the identified bandwidth.

US Pat. No. 10,142,409

SYSTEM AND METHOD FOR IMPLEMENTING PNRP LOCALITY

Microsoft Technology Lice...

1. A method, comprising:
determining, by one or more processors of a computing system, one or more network latencies between a host node and one or more peer nodes, wherein determining the one or more network latencies comprises probing at least one publisher of an address of a peer node and storing probe results in a cache; and
determining, by the one or more processors, a set of network coordinates of the host node in a coordinate space at least partly based on the one or more network latencies, the determining including:
determining whether the cache comprises probe results indicating one or more network latencies for at least d+1 peer nodes of the one or more peer nodes, d being an integer representing a dimensionality of the coordinate space; and
based at least partly on a first determination that the cache does not comprise the probe results indicating the one or more network latencies for the at least d+1 peer nodes, estimating the set of network coordinates of the host node; or
based at least partly on a second determination that the cache does comprise the probe results indicating the one or more network latencies for the at least d+1 peer nodes, calculating the set of network coordinates of the host node using d+1 network latencies.

US Pat. No. 10,142,408

HARDWARE LOADING ADJUSTING METHOD AND RELATED ELECTRONIC DEVICE

Winstron Corporation, Ne...

1. A hardware loading adjusting method, comprising:
performing a first thread for receiving and decompressing the compressed data, to generate and to store decompressed data to a first storage module by a first speed;
performing a second thread for storing the decompressed data to a second storage module by a second speed; and
adjusting a ratio between the size of the compressed data and the decompressed data stored in the first storage module and the size of the first storage module according to the relationship between the first speed and the second speed.

US Pat. No. 10,142,406

AUTOMATED DATA CENTER SELECTION

Amazon Technologies, Inc....

1. A method for selecting a data center of a Program Execution Service (PES) platform, the method comprising:
under control of a PES platform that includes a number of data centers, at least some of the number of data centers capable of providing a user with access to one or more computing resources hosted by said at least some of the number of data centers, at least some of the computing resources including compute nodes comprising virtual desktops that enable the user to access a plurality of services provided by the PES platform:
receiving a request at the PES platform to obtain access to a computing resource from a computing device of the user;
determining, from the number of data centers, a set of data centers that include the computing resource;
identifying a plurality of data centers from the set of data centers based, at least in part, on a latency factor of each of the plurality of data centers;
selecting a data center from the plurality of data centers using a tie breaking factor, the tie breaking factor based at least in part on a utilization rate for the data centers of the plurality of data centers;
accessing access rules associated with an entity, the access rules specifying rules for distributing computing resource access of different users of a group of users at the entity among different instances of the computing resource, the group of users one of multiple groups of users, and the group of users including the user, wherein the access rules specify for a first group of users from the multiple groups of users: 1) an amount of users permitted to access a first instance of the computing resource; 2) that no more than a first amount of users from the first group of users share physical computing resources; and 3) that users exceeding the first amount of users from the first group of users be assigned to a second instance of the computing resource, wherein each group of users is associated with a different role at the entity thereby reducing a number of users associated with a particular role that lose access to the computing resource when access to the first instance of the computing resource is lost, and wherein at least one user from a second group of users from the multiple groups of users is permitted to access the first instance of the computing resource;
determining whether granting the user of the computing device access to the computing resource at the data center will violate the access rules;
in response to determining that the access rules will be violated, selecting an alternative data center from the plurality of data centers, and
in response to determining that the access rules will not be violated by granting the user of the computing device access to the computing resource at the data center, granting the user of the computing device access to the computing resource at the data center.

US Pat. No. 10,142,404

INTER-PLATFORM MANAGEMENT OF COMPUTING RESOURCES

International Business Ma...

1. A computer-implemented method comprising:
identifying a requesting virtual server residing on a primary computing platform, the requesting virtual server associated with a requesting client;
identifying a donating virtual server residing on the primary computing platform, the donating virtual server associated with a donating client;
identifying an external virtual server residing on a secondary computing platform outside the primary computing platform, the external virtual server associated with the requesting client;
determining a first resource exchange between the requesting virtual server and the donating virtual server, the first resource exchange including a total donation amount from the donating virtual server to the requesting virtual server; and
determining a second resource exchange between the external virtual server and a second virtual server residing on the secondary computing platform, the second virtual server associated with the donating client, the second resource exchange including a total adjustment amount from the external virtual server to the second virtual server;
wherein:
upon execution of the first resource exchange and the second resource exchange, the total donation amount is equal to the total adjustment amount.

US Pat. No. 10,142,403

METHOD AND APPARATUS FOR FACILITATING PARALLEL DISTRIBUTED COMPUTING

1. A computer-implemented method for facilitating parallel distributed computing, comprising:
receiving at a receiving node from a requesting node an operator o1 and unevaluated expressions e1, e2, . . . , ek,
wherein k>0, and
wherein the requesting node is desiring a response to the request comprising an evaluated expression which corresponds to the result of applying the operator o1 to the unevaluated expressions e1, e2, . . . , ek;
sending to a node a1 unevaluated expression e1, sending to a node a2 unevaluated expression e2, . . . , and sending to a node ak unevaluated expression ek;
receiving at the receiving node from node a1 evaluated expression p1 in response to sending node a1 unevaluated expression e1, receiving from node a2 a evaluated expression p2 in response to sending node a2 unevaluated expression e2, . . . , and receiving from node ak evaluated expression pk in response to sending node ak unevaluated expression uk;
determining an operator o2 and unevaluated expressions c1, c2, . . . , cn based on the operator o1 and evaluated expressions p1, p2, . . . , pk, wherein n>2;
sending to a node f1 unevaluated expression c1, sending to a node f2 unevaluated expression c2, . . . , and sending to a node fn unevaluated expression cn;
receiving at the receiving node from node f1 evaluated expression g1 in response to sending node f1 unevaluated expression c1, receiving from node f2 a evaluated expression g2 in response to sending node f2 unevaluated expression c2, . . . , and receiving from node fn evaluated expression gn in response to sending node fn unevaluated expression cn;
determining an evaluated expression r based on the operator o2 and evaluated expressions g1, g2, and . . . gn; and
sending to the requesting node evaluated expression r, thus producing a result that indicates a response to receiving from the requesting node an operator o1 and expressions e1, e2, . . . , ek.

US Pat. No. 10,142,402

METHODS AND APPARATUSES FOR SENDING PROMPT MESSAGE TO CLOSE A MOVABLE ARTICLE

Xiaomi Inc., Beijing (CN...

8. An apparatus for sending a prompt message, comprising:
a processor;
a memory configured to store an instruction executable by the processor;
wherein the processor is configured to:
receive a status of a movable article corresponding to a sensor;
obtain a working status of an air cleaner bound with the sensor when the movable article corresponding to the sensor is in an open status;
detect whether the working status of the air cleaner is an on status; and
send the prompt message to a user in a predetermined manner when it is detected that the working status of the air cleaner is the on status, wherein the prompt message is configured to indicate the user to close the at least one of the movable article in a room containing the air cleaner or to turn off the air cleaner.

US Pat. No. 10,142,400

CONTEXT-SENSITIVE INFORMATION RETRIEVAL

1. A system comprising:
a processor; and
a memory, wherein the memory contains instructions that, when executed by the processor, cause the processor to:
receive from a first entity, over a wide area network, feature information for a feature of an application;
store the feature information in a first field of a first file;
receive from a second entity different from the first entity, over the wide area network, an address to a help topic associated with the feature information;
store the address in association with the feature information, in a second field of the first file;
receive a request from an application over a data communication network, wherein the request is transmitted in response to a command by a user in a contact center to receive help related to the feature of the application;
receive context information associated with the request, wherein the context information includes information gathered by the application in response to user interaction with the application, the context information including information on the user accessing the application and an identification of the feature, the context information further including user profile information, the user profile information including a language preference of the user;
select information to be output based on the received context information, wherein the instructions that cause the processor to select information to be output include instructions that cause the processor to:
retrieve over the wide area network the first file storing the address associated with the feature identified in the received context information;
invoke the address in the first file stored in association with the feature identified in the received context information, and retrieve, over the wide area network, help content identified by the address, the help content being stored in a second file different from the first file;
identify, based on the received context information, information specific to the user accessing the application;
customize the retrieved help content based on the identified information specific to the user; and
transmit to the application, as the selected information, the customized help content.

US Pat. No. 10,142,399

MINIMAL DOWNLOAD AND SIMULATED PAGE NAVIGATION FEATURES

MICROSOFT TECHNOLOGY LICE...

1. A server computer comprising:
at least one processor device; and
a memory, operatively connected to the at least one processor, storing instructions, which when executed, cause the at least one processor device to:
receive an electronic page request from a user computer, the received electronic page request comprising a request to navigate from a previously rendered electronic page to a target electronic page;
determine whether to implement a normal page navigation operation or a minimal download operation, wherein the minimal download operation operates to provide a difference package associated with the previously rendered electronic page and the target electronic page;
provide, to the user computer in response to determining to implement the minimal download operation, a layer of indirection for page scripts and page objects of the previously rendered electronic page, wherein the layer of indirection provides controlled disconnect of events associated with the page scripts and the page objects of the previously rendered electronic page;
generate the difference package with information associated with differences between the previously rendered electronic page and the target electronic page, wherein the information comprises a representation of rendered contents to be updated on the previously rendered electronic page, the representation comprising an array of input fields associated with the previously rendered electronic page and the target electronic page; and
provide the difference package to the user computer, wherein the difference package enables the user computer to initiate page load events and execute the page scripts using the layer of indirection, thereby simulating the page load for the target electronic page.

US Pat. No. 10,142,398

METHOD AND SYSTEM FOR FILE TRANSFER OVER A MESSAGING INFRASTRUCTURE

International Business Ma...

1. A system for file transfer over a messaging infrastructure, comprising:
a source for sending a file, including:
means for dividing the file into multiple portions including a first portion and at least one subsequent portion;
means for creating a message including a multiplicity of headers and payloads with an individual one of the headers and an individual one of the payloads for each of the multiple portions of the file, each of the payloads including a corresponding one of the multiple portions and being associated with a corresponding one of the message headers, wherein the one of the headers of a message for the first portion includes a hash for the first portion included in the message for the first portion, and the one of the headers of a message for any subsequent portion includes two different hashes:
a first hash summarizing a first state of the file up to, but not including, a current one of the portions included in the message for the subsequent portion, the first state indicating a state of the file that is required in order to add the current one of the portions to the file when recreating the file at a target computing device;
a second hash summarizing a second state of the file up to and including a current one of the portions included in the message for the subsequent portion, the second state indicating a state of a recreated file after having added the current portion to the file at the target computing device; and
means for sending each created message to the target computing device by way of a message queue,
wherein each of the payloads is filled from an end of free space available in the message so that space allocated for each of the headers is able to grow at a head of the message, while file data grows from a tail of the message allowing a single fixed size buffer to be used without moving data within the message as file portions are added.

US Pat. No. 10,142,397

NETWORK FILE TRANSFER INCLUDING FILE OBFUSCATION

International Business Ma...

1. A method, said method comprising:
selecting, by a server computer, a re-ordering scheme from one or more re-ordering schemes for re-ordering chunks of an original file, wherein N denotes the total number of chunks in the original file, and wherein N is at least 2;
dividing, by the server computer, the file into the chunks;
after said dividing the file into the chunks, re-ordering, by the server computer, the chunks according to the selected re-ordering scheme to form an obfuscated file comprising the re-ordered chunks, wherein the selected re-ordering scheme specifies for each chunk in the original file a position of said each chunk in the obfuscated file, and wherein said re-ordering comprises performing N iterations such that in iteration I the position of chunk I in the obfuscated file is determined to be the position of chunk I specified in the selected re-ordering scheme, for I=1, 2, . . . N; and
sending, by the server computer to a client computer, the obfuscated file, using Hypertext Transfer Protocol (HTTP) Chunked Transfer Encoding, along with a scheme access reference consisting of a decoding key that points to the selected re-ordering scheme and enables the client computer to access and decode the selected re-ordering scheme,
wherein the method does not use a conventional encrypted file transfer in which a file to be sent unencrypted uses an encrypted secure transport, and
wherein the method does not use a conventional encrypted file transfer in which a file to be sent encrypted is encrypted before being sent and is decrypted after being sent.

US Pat. No. 10,142,396

COMPUTERIZED SYSTEM AND METHOD FOR DETERMINING AND COMMUNICATING MEDIA CONTENT TO A USER BASED ON A PHYSICAL LOCATION OF THE USER

OATH INC., New York, NY ...

1. A method comprising:
receiving, at a computing device over a network, a request for a media file from a device of a user, said request comprising global positioning (GPS) data associated with the device at the time the request is communicated from the device to the computing device;
determining, via the computing device, a geographic location associated with the device of the user, said determination comprising parsing, via the computing device, the received request, identifying, based on said parsing, the GPS data included in the received request, and determining the geographic location referenced by the GPS data;
accessing, via the computing device, a collection of media files associated with a media platform;
parsing, via the computing device, each media file included in said collection, and based on said parsing, identifying metadata associated with each media file;
analyzing, via the computing device, the identified metadata of each media file using the determined geographical location as a query, and based on said analysis, identifying a first media file from the collection that is associated with said geographic location;
analyzing, via the computing device, the first media file, and based on said analysis, identifying a first user that uploaded the first media file to the media file platform, said first user being different than said user from which the request was received;
searching, via the computing device, the collection using an identity of the first user as a query, and based on said searching, identifying a set of media files within the collection that are associated with the first user;
determining, via the computing device, a number of media files the first user has uploaded to said media platform over a predetermined period of time, each media file associated with the geographic location;
comparing, via the computing device, said determined number to an activity threshold;
determining, via the computing device, a difference between a first timestamp of an initially uploaded media file by the first user and a most recently uploaded media file;
comparing, via the computing device, said determined difference to a time threshold;
determining, via the computing device, a classification of the first user, said classification determination comprising:
classifying the first user as a local when the activity threshold and the time threshold are both satisfied; and
classifying the first user as a tourist respective to the geographic location when only one of the activity threshold and time threshold are satisfied;
further analyzing, via the computing device, each media file in said set of media files of the first user, and determining, based on said analysis, visual content information and social metric information for each media file in the set;
determining, via the computing device, a score for each media file in the set based on the determined visual content information and social metric information of the respective media file;
ranking, via the computing device, each media file in the set based on the determined score, wherein the media files in the set with higher scores are ranked higher than those with lower scores;
determining, via the computing device, a subset of media files to be communicated to the user based on said classification of the first user; and
automatically communicating, via the computing device, said subset of the ranked media files of the first user to the user device in response to said request.

US Pat. No. 10,142,395

ACCESSING HARDWARE DEVICES USING WEB SERVER ABSTRACTIONS

Microsoft Technology Lice...

1. A method for accessing remote hardware devices, the method comprising:
receiving by a web browser, configured to accept application programming interface (API) calls from a requesting application for initiating hardware device access, a Hypertext Transfer Protocol (HTTP) request via the API;
transmitting by the web browser the HTTP request to a remote hardware device server configured to provide access to a remote hardware device, the HTTP request including a request for establishing an authenticated session with the remote hardware device, the remote hardware device server being local to the remote hardware device;
upon establishment of the authenticated session, in response to a first API call from the requesting application for an action to be taken with respect to the remote hardware device, the web browser transmitting an HTTP request, including commands corresponding to the action to be taken with respect to the remote hardware device, to the remote hardware device server; and
receiving by the web browser a second API call from the requesting application for enabling the requesting application to receive at least one event notification related to the remote hardware device from the remote hardware device server.

US Pat. No. 10,142,394

GENERATING RISK PROFILE USING DATA OF HOME MONITORING AND SECURITY SYSTEM

iControl Networks, Inc., ...

1. A system comprising:
a premises management device located at a premises;
a touchscreen device located at the premises, wherein the touchscreen device is in communication with the premises management device, wherein the touchscreen device is configured to output a plurality of user interfaces, and wherein the plurality of user interfaces enable control of functions of the premises management device and access to data associated with the premises management device; and
a premises management server in communication with one or more of the premises management device and the touchscreen device, wherein the premises management server is located external to the premises, wherein the premises management server comprises a client interface through which remote client devices exchange data with one or more of the premises management device and the touchscreen device, wherein the premises management server is configured to:
receive behavioral data associated with one or more of the premises management device and the touchscreen device,
generate, based on the behavioral data, a risk score, and
cause output of the risk score.

US Pat. No. 10,142,393

COMMUNICATION APPARATUS, COMMUNICATION METHOD, AND STORAGE MEDIUM

Canon Kabushiki Kaisha, ...

1. A communication apparatus comprising:
an acquisition unit configured to acquire information regarding a number of Hypertext Transfer Protocol (HTTP) requests to be transmitted consecutively to another communication apparatus for communication with the another communication apparatus; and
a determination unit configured to determine a communication protocol,
wherein, in a case where the number of HTTP requests to be transmitted consecutively to the another communication apparatus is less than a threshold value, the determination unit is configured to determine a first communication protocol as a communication protocol to be used for communication with the another communication apparatus,
wherein, in a case where the number of HTTP requests to be transmitted consecutively to the another communication apparatus is not less than the threshold value, the determination unit is configured to determine a second communication protocol as a communication protocol to be used for communication with the another communication apparatus, and
wherein consecutive transmission of a plurality of HTTP requests based on a single transmission control protocol (TCP) connection is allowed in the second communication protocol.

US Pat. No. 10,142,392

METHODS AND SYSTEMS FOR IMPROVED SYSTEM PERFORMANCE

iControl Networks, Inc., ...

1. A method comprising:
polling, by a client device and via an unreliable protocol, a status server to determine availability of data associated with the client device;
after polling the status server, receiving, via the unreliable protocol, a notification from the status server indicating that there is available data available to the client device;
after receiving the notification, sending, by the client device, to a system server, and via a reliable protocol, a request for the available data; and
receiving, from the system server and via the reliable protocol, the available data.

US Pat. No. 10,142,391

SYSTEMS AND METHODS OF DIAGNOSING DOWN-LAYER PERFORMANCE PROBLEMS VIA MULTI-STREAM PERFORMANCE PATTERNIZATION

Quest Software Inc., Ali...

1. A method of diagnosing transient down-layer performance problems using virtual-meeting performance data, comprising, by a computer system:
generating a time-based performance pattern of a plurality of virtual meetings of a communications platform executing in a computing environment, wherein the computing environment comprises a plurality of down-layer infrastructural resources that support meeting services of the communications platform and non-meeting services of other components of the computing environment;
determining, from the time-based performance pattern, at least one virtual-meeting attribute associated with relatively poor virtual-meeting performance as indicated by measured media-stream quality for the plurality of virtual meetings;
identifying virtual meetings, of the plurality of virtual meetings of the time-based performance pattern, that have the at least one virtual-meeting attribute associated with relatively poor virtual-meeting performance;
correlating, based at least partly on stored metadata, at least a subset of the identified virtual meetings to a particular down-layer infrastructural resource, of the plurality of down-layer infrastructural resources, that is at least partially responsible for executing each virtual meeting of the at least a subset;
examining a performance metric of the correlated at least a subset of virtual meetings that is illustrative of an infrastructural problem which is broader than the communications platform;
identifying a transient down-layer performance problem related to the particular down-layer infrastructural resource responsive to the examined performance metric satisfying a threshold; and
reporting the transient down-layer performance problem.

US Pat. No. 10,142,390

METHOD AND SYSTEM FOR PROVIDING CONTENT IN CONTENT DELIVERY NETWORKS

NEC CORPORATION, Tokyo (...

1. A method for providing content in content delivery networks having an upstream content delivery network, and a downstream content delivery network comprising at least two content delivery entities, wherein the upstream content delivery network and the downstream content delivery network are connected to each other and a user equipment is connected to the downstream content delivery network, the method comprising:
receiving a request from the user equipment for a content stream for a content from the downstream content delivery network;
providing, by the upstream content delivery network, the content stream;
redirecting the content stream from the upstream content delivery network to a content delivery entity of the at least two content delivery entities in the downstream content delivery network, wherein the user equipment is connectable to the at least two content delivery entities;
providing, by the content delivery entity in the downstream content delivery network, the content stream to the user equipment, wherein the user equipment obtains an address of the content delivery entity in the downstream content delivery network from a manifest file generated by the upstream content delivery network; and
performing at least twice:
determining at least one of network information of the downstream content delivery network or user equipment information,
determining probabilities of optimized content stream performance to the user equipment for each of the at least two content delivery entities based on the determined at least one of network information of the downstream content delivery network or the user equipment information,
providing, by the upstream content delivery network, a next manifest file comprising an address of a different one of the at least two content delivery entities with a highest probability among the determined probabilities in response to a request from the user equipment that is triggered by meta-data included in a most recent manifest file that links to the next manifest file,
connecting the user equipment to the content delivery entity with the highest probability, and
redirecting the content stream to the content delivery entity with the highest probability for providing the content stream to the user equipment;
wherein time intervals are calculated for performing the steps that are performed at least twice using actual or previous user equipment information, wherein a time interval indicates how long a manifest file is valid.

US Pat. No. 10,142,389

INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING METHOD, COMMUNICATION TERMINAL, SERVER, AND CONTROL METHODS AND CONTROL PROGRAMS THEREOF

NEC Corporation, Tokyo (...

1. An information processing system, comprising:
a communication device; and
a server,
wherein the communication device comprises:
a first memory storing first instructions; and
at least one first processor configured to execute first instructions load a file;
determine whether the communication device has an application that can process the loaded file and generate, from the processed file, output data in an outputtable data format to be output at the communication device;
when it has been determined that the communication device does not have the application, connect the communication device with the server via a wireless communication network and transmit, to the server, a first request with information used to generate the output data in the outputtable data format, of supplying the output data in the outputtable data format by processing the file and generating the output data from the processed file;
receive the output data in the outputtable data format, transmitted from the server connected via the wireless communication network in response to a second request transmitted to the server; and
output the received output data in the outputtable data format without any data conversions, and
wherein the server comprises:
a second memory storing second instructions; and
at least one second processor configured to execute the second instructions to:
acquire the file and the information used to generate the output data in the outputtable data format from the communication device in response to the first request received from the communication device;
select, in accordance with the acquired file and the acquired information, an application that can process the acquired file and generate the output data in the outputtable data format from the processed file;
execute the selected application to process the acquired file and to generate the output data in the outputtable data format from the processed file;
accumulate the generated output data in the outputtable data format in an accumulator; and
when receiving the second request from the communication device, transmit the generated and accumulated output data in the outputtable data format to the communication device via the wireless communication network.

US Pat. No. 10,142,388

METHOD AND DEVICE FOR TRANSMITTING MEDIA DATA

Huawei Device (Dongguan) ...

1. A method for transmitting media data, wherein a sending device sending the media data and a receiving device receiving the media data are currently located in a same wireless network, the method comprising:
using, by the sending device, one of wireless networks of multiple available frequency bands to perform media data transmission;
acquiring, by the sending device, information about transmission mode switching, and determining, according to the information about transmission mode switching, whether to switch the wireless network;
in response to determining, by the sending device, to switch the wireless network for transmission, switching the wireless network for performing data transmission to a wireless network of another frequency band in the multiple available frequency bands, and acquiring, by the sending device, the frequency band of the wireless network that is obtained after the switching; and
determining, by the sending device, whether a center frequency of the frequency band of the wireless network after the switching is greater than a threshold, and when yes, setting a media data encoding mode of the sending device to non-compression, and sending, by the sending device, media data that is not compressed to the receiving device; or
when the center frequency of the frequency band of the wireless network after the switching is not greater than the threshold, setting a media data encoding mode of the sending device to compression, and sending, by the sending device, media data that is compressed to the receiving device.

US Pat. No. 10,142,387

DISTRIBUTED COORDINATION OF NETWORK ELEMENTS FOR PACKET ENCAPSULATION

Cisco Technology, Inc., ...

1. A method comprising:
at each of a plurality of encapsulator devices comprising a master encapsulator device and one or more slave encapsulator devices, receiving a source stream of encoded packets in a first transport format;
at the master encapsulator device, generating a preliminary plan for converting the encoded packets of the source stream to packets of a master output stream in a second transport format for communication over a data network, wherein the preliminary plan identifies a plurality of the encoded packets of the source stream corresponding to each packet of the master output stream;
at the master encapsulator device, generating a preliminary mapping stream that comprises information identifying the plurality of the encoded packets of the source stream that are used to generate each of the packets of the master output stream according to the preliminary plan;
sending the preliminary mapping stream from the master encapsulator device to the one or more slave encapsulator devices;
receiving feedback from the one or more slave encapsulator devices, the feedback comprising an evaluation of the preliminary plan at the one or more slave encapsulator devices;
updating the preliminary plan with the feedback received from the one or more slave encapsulator devices to generate a finalized plan;
generating a finalized mapping stream that comprises updated information identifying an updated plurality of encoded packets of the source stream that are used to generate each of the packets of the master output stream according to the finalized plan;
sending the finalized mapping stream from the master encapsulator device to the one or more slave encapsulator devices; and
at each of the one or more slave encapsulator devices, using the updated information in the finalized mapping stream to generate a slave output stream according to the finalized plan, wherein each slave output stream is identical to the master output stream.

US Pat. No. 10,142,386

DETERMINING MANIFEST FILE DATA USED IN ADAPTIVE STREAMING VIDEO DELIVERY

DLVR, INC., Phoenix, AZ ...

1. A system for analyzing adaptive streaming video delivery performance, the system comprising:
a first content delivery network (CDN), comprising one or more segment file servers, and further comprising:
a processing unit including one or more processors; and
memory coupled with and readable by the processing unit and storing therein one or more sets of instructions;
wherein the execution of the one or more sets of instructions by the one or more processors, causes the first CDN to:
receive, from a recipient device, a plurality of requests for a plurality of video segment files, each said request requesting a particular video segment file, wherein the plurality of video segment files correspond to a portion of a delivery of a first adaptive streaming video controlled by a first manifest file stored at the recipient device, wherein one or more other portions of the first adaptive streaming video are not delivered by the first CDN, but are delivered by one or more other CDNs operated separately from the first CDN;
determine one or more video streaming characteristics stored within the first manifest file stored on the recipient device, based on the requests for the video segment files received by the first CDN;
in response to each of the plurality of requests for a particular video segment file, transmit the particular requested video segment file to the recipient device, via the one or more segment file servers; and
collect data metrics corresponding to the transmission of the particular requested video segment files from the first CDN to the recipient device; and
a manifest file serving system including one more or servers, each server in the manifest file serving system comprising:
a processing unit including one or more processors; and
memory coupled with and readable by the processing unit and storing therein a set of instructions;
wherein the execution of the one or more sets of instructions by the one or more processing units, causes the one or more servers of the manifest file serving system to:
receive the data metrics corresponding to the transmission of the requested video segment files from the first CDN to the recipient device;
determine, based at least in part on the data metrics from the first CDN, one or more performance metrics associated with the one or more other CDNs operated separately from the first CDN;
receive a manifest file request for an adaptive streaming video from a client device;
select one or more CDNs to be referenced in a manifest file responsive to the manifest file request, based at least in part on the determined performance metrics associated with the other CDNs operated separately from the first CDN;
configure a manifest file including one or more Uniform Resource Locators (URLs) referencing video segment files corresponding to portions of the adaptive streaming video, wherein the video segment files referenced by the URLs are provided by the one or more selected CDNs; and
transmit the configured manifest file to the client device in response to the manifest file request.

US Pat. No. 10,142,385

MULTI-SERVICE INITIALIZATION FOR ADAPTIVE MEDIA STREAMING

QUALCOMM Incorporated, S...

1. A method for receiving media content in a communication device, comprising:
receiving, by a processor of the communication device, an initialization segment associated with a first media broadcast in a first channel;
requesting, by the processor, a second media broadcast in a second channel that is different from the first channel;
receiving, by the processor, an indication that the initialization segment is also associated with the second media broadcast, wherein the received indication includes a notification that a frequency of the initialization segment is being changed or identifies a changed initialization segment frequency;
receiving, by the processor, initialization segments at the changed initialization segment frequency; and
processing, by the processor, the second media broadcast using the initialization segment at the changed initialization segment frequency.

US Pat. No. 10,142,384

DISTRIBUTING COMMUNICATION OF A DATA STREAM AMONG MULTIPLE DEVICES

1. A method comprising:
associating, by executing an instruction with a processor of a distribution system, a sharing code including alphanumeric data with a shared connection, the shared connection to be established to distribute communication of a complete data stream among multiple devices, the associating of the sharing code with the shared connection being performed in response to a first request received from a first device;
transmitting, by executing an instruction with the processor, the sharing code from the distribution system to the first device in response to the first request;
receiving a second request including the sharing code from a second device different from the first device, the second request having been sent by the second device to a first network address of the distribution system;
splitting, by executing an instruction with the processor, the complete data stream into a plurality of partial data streams corresponding to respective portions of the complete data stream, the partial data streams to be transmitted from the distribution system to respective ones of the multiple devices, including the second device, to combine available bandwidths of the multiple devices to realize the shared connection; and
in response to receiving the second request including the sharing code from the second device, establishing, by executing an instruction with the processor, a data connection via which a first partial data stream corresponding to a first portion of the complete data stream is to be transmitted from the distribution system to the second device.

US Pat. No. 10,142,383

METHOD FOR DELIVERING MUSIC CONTENT TO A SMART PHONE

1974 PRODUCTIONS, INC., ...

1. A method of distributing media content using mobile communication devices, comprising:
providing digital media access cards, the digital media access cards promoting selected media content and containing enciphered information;
allowing a user of a mobile communication device to be granted access to a digital media access card;
generating an identification number, the identification number associated with the selected media content;
deciphering the enciphered information to create deciphered information, the deciphered information allowing the user to access a web server associated with the digital media access cards with the user's mobile communication device and download application software enabling the user to access the selected media content with the user's mobile communication device, the deciphered information further including machine-readable code corresponding to the identification number, whereby the application software facilitates reading the machine readable code with the mobile communication device and transmitting the code to the web server with the mobile communication device;
receiving the identification number with the web server and using the identification number to locate a table value in a database wherein identification numbers from a plurality of media access cards are each associated with a table value corresponding to media content associated with the access cards; and
using the table value to identify a media code associated with the selected media content in a content server whereupon the media code is transmitted to the mobile communications device whereby the mobile communication device may transmit the media code to the content server, the content server transmitting the selected media content to the mobile communication device upon receiving the media code from the mobile communication device.

US Pat. No. 10,142,382

DETECTING VIDEO STREAMING AND IDENTIFYING STREAMED VIDEOS

GOOGLE LLC, Mountain Vie...

1. A processor-implemented method for identifying streamed video, comprising:
receiving, at a router, a request for content from a client device;
transmitting, by the router, the request to a content server;
receiving, at the router, a first set of streamed video data packets sent by the content server in response to the request, each of the first set of streamed video data packets comprising encrypted video data for a first streamed video and an unencrypted header;
transmitting, by the router, the first set of streamed video data packets to the client device;
examining, by the router, the unencrypted header for information identifying the first streamed video;
determining, by the router, that the first streamed video is not identifiable from the unencrypted header;
responsive to determining that the first streamed video is not identifiable from the unencrypted header:
decrypting, by the router, the encrypted video data to create decrypted video data,
processing, by the router, the decrypted video data to identify the first streamed video, and
transmitting, by the router, a first identification of the first streamed video to an analytics server;
receiving, by the router, a second set of streamed video data packets, each of the second set of streamed video data packets comprising encrypted video data for a second streamed video and an unencrypted header;
examining, by the router, the unencrypted header of each of the second set of streamed video data packets for information identifying the second streamed video;
determining, by the processor, that the second streamed video is identifiable from the unencrypted headers of the second set of streamed video data packets; and
transmitting, by the router, a second identification of the second streamed video to the analytics server.

US Pat. No. 10,142,381

SYSTEM AND METHOD FOR SCALABLE CLOUD SERVICES

IntelliVision Technologie...

1. An event recognition system, said system comprising:
an event recognition module:
a processor-controlled video camera;
a client computerized device;
a processor;
a non-transitory storage medium coupled to the processor;
encoded instructions stored in the non-transitory storage medium, which when executed by the processor, causes the processor to:
analyze a computed pixel value from at least one zone of at least one event-detected image frame captured from at least one processor-controlled video camera;
reference said zone-specific value against at least one of a pre-defined or learned reference table of event-recognized computed pixel values;
retrieve at least one of a recognized event from the reference table based on a threshold-grade match of least one of pixel values, zone-dependent pixel values, analysis of pixel values, metadata and, or a hash map, wherein said recognized event is at least one of a recognition of a face, person, group, object, movement, action, intrusion, specific location, vehicle, vehicle/license plate, impact, or aberrant sound; and
transmit at least any one of a single stream of the recognized event or a single stream of an audio-video sequence succeeding and, or preceding the recognized event, and including the recognized event, to a client device,
wherein a contextual data comprising information of the recognized event is overlaid on the single stream; and in response to a determination that the processor-controlled video camera is improperly operating, transmit a status message indicating that the processor-controlled video camera is improperly operating to the client computerized device.

US Pat. No. 10,142,380

JOINING EXECUTABLE COMPONENT TO ONLINE CONFERENCE

Microsoft Technology Lice...

1. A system comprising: a user interface presentation component that causes, at least under one circumstance, a user interface to be presented on a display of the system, the user interface comprising at least:
an online conference portion that shows a separate visualization for each of a plurality of participants in an online conversation that involves at least audio and video; and
a contacts portion that is visually separated from the online conference portion and that concurrently includes separate visualizations within the contacts portion for each of one or more individuals and each of one or more executable components that can be joined to the online conversation as participants, wherein each of the one or more executable components comprises computer executable code configured to cause an action associated with the executable component to occur within the online conversation when the executable component is joined to the online conversation as a participant of the online conversation; and
a joining component that joins participants into the online conversation when an instruction to join the participants into the online conversation is detected, wherein when an instruction to join a particular executable component of the one or more executable components from the contacts portion into the online conversation is detected, the joining component causes the particular executable component to be joined to the online conversation such that the action associated with the particular executable component occurs within the online conversation.

US Pat. No. 10,142,379

MEASURING PAGE VIEWERSHIP IN A SOCIAL NETWORK

Facebook, Inc., Menlo Pa...

1. A computer-implemented method comprising:
maintaining, by a social networking system, a page including a plurality of posts and having at least one administrator;
receiving, by the social networking system, at least a first request from a first user of the social networking system, a second request from a second user, and a third request from a third user to view a particular post of the plurality of posts;
classifying by the social networking system, the first request as one of a tracked count of organic requests responsive to detecting that the first user encountered the particular post from a page on the social networking system associated with the first user;
classifying, by the social networking system, the second request as one of a tracked count of paid channel requests responsive to detecting that the second user was directed to the particular post from sponsored content on the social networking system;
classifying, by the social networking system, the third request as one of a tracked count of viral requests responsive to detecting that the third user was directed to the particular post from a story published by a friend of the third user connected to the third user on the social networking system;
receiving, by the social networking system, requests from one or more users of the social networking system to interact with one or more of the plurality of posts;
receiving, by the social networking system, a request from the at least one administrator of the page for analytical information about the page; and
sending, by the social networking system, information associated with the page maintained by the social networking system to display to the at least one administrator in a user interface, the user interface not accessible by a user of the social networking system unless the user is designated as an administrator of the page maintained by the social networking system, the sent information including for each of the plurality of posts:
a number of times users of the social networking system requested to view the post, and
a number of times users of the social networking system requested to interact with the post;
receiving, by the social networking system, a request for more data relating to the number of times users of the social networking system requested to view the post;
responsive to the request, providing for presentation, the tracked count of the organic views, the tracked count of the paid channel views, and the tracked count of the viral views.

US Pat. No. 10,142,378

VIRTUAL IDENTITY OF A USER BASED ON DISPARATE IDENTITY SERVICES

SYMANTEC CORPORATION, Mo...

1. A computer-implemented method comprising:
identifying, by an identity service broker implemented by at least one computer processor, an authentication of a user provided by a first identity service;
generating, by the identity service broker, a virtual identity of the user comprising a plurality of virtual attribute fields;
populating, by the identity service broker, a first virtual attribute field of the plurality of virtual attribute fields based on a value of a first attribute associated with the user and recorded by the first identity service;
determining, by the identity service broker after the populating of the first virtual attribute field, that a second virtual attribute field of the plurality of virtual attribute fields is not assigned a value;
identifying, by the identity service broker, a second identity service associated with the user when it is determined that the second virtual attribute field is not assigned a value, the second identity service configured to provide attributes of the user but not configured to provide authentication of the user, wherein the second identity service is identified based on identifying a link between an attribute of the second identity service and the first attribute of the first identity service;
populating, by the identity service broker, the second virtual attribute field of the plurality of the virtual attribute fields with a value of a second attribute recorded by the second identity service, wherein the second attribute is not the linked attribute of the second identity service and is not recorded by the first identity service; and
allowing, by the identity service broker, access for the user to a software application or a network application that is managed by the identity service broker based on the value of the populated second virtual attribute field of the virtual identity of the user satisfying a condition of a policy associated with the populated second virtual attribute field, the allowing of access being enabled by the link, which comprises a federated identity of the user, between the previously-unlinked second identity service and first identity service.

US Pat. No. 10,142,377

RELEVANCY IMPROVEMENT THROUGH TARGETING OF INFORMATION BASED ON DATA GATHERED FROM A NETWORKED DEVICE ASSOCIATED WITH A SECURITY SANDBOX OF A CLIENT DEVICE

FREE STREAM MEDIA CORP., ...

1. A system comprising:
a client device capable of being associated with a plurality of networked devices through a computer network to:
process an embedded object,
constrain an executable environment in a security sandbox, and
execute a sandboxed application in the executable environment, the embedded object being processed through the sandboxed application; and
a relevancy-matching server to:
receive primary data generated from fingerprint data of each of the plurality of networked devices,
match the primary data with targeted data based on a relevancy factor,
search a storage for the targeted data, and
cause rendering of the targeted data through the embedded object processed through the sandboxed application of the client device,
wherein the primary data is any one of a content identification data and a content identification history.

US Pat. No. 10,142,376

METHOD, AND RELATED APPARATUS FOR RECOVERING CALLED SERVICE OF TERMINAL

Huawei Technologies Co., ...

1. A method for recovering a called service of a user terminal performed by a serving call session control function (S-CSCF), the method comprising:
receiving a called request of the user terminal;
determining an initial proxy-call session control function (P-CSCF) entity with which the user terminal currently registers is faulty;
selecting an available P-CSCF for the user terminal;
notifying the available P-CSCF to trigger the user terminal to re-initiate IP Multimedia Subsystem (IMS) registration; and
delivering the called request to a re-registered P-CSCF to bear the called service of the user terminal after the user terminal completes the IMS registration.

US Pat. No. 10,142,375

CONTENT ENABLING SYSTEM

1. A system for remote acquisition of digital information, comprising:
a content enabling device having a wireless interface for providing wireless connectivity to a content enabled region surrounding the content enabling device;
a sensory content apparatus or item for presenting sensory stimulus corresponding to digital content to a user of a mobile device, the mobile device being within the content enabled region configured to generate and transmit a token including at least one content ID parameter of a location of the mobile device in response to an actuation of the mobile device by the user at a specific time;
a content management server configured to store the digital content corresponding to the content enabling device and configured with a location of the content enabling device and an area of the content enabled region, the content management server being further configured to
receive the token from the mobile device,
determine if the location of the mobile device in the token is within the content enabled region, and
transmitting the digital content to the mobile device or a cloud based user account when the location of the mobile device is determined to be within the content enabled region.

US Pat. No. 10,142,374

DEVICE PAIRING TECHNIQUES USING DIGITAL WATERMARKING

Google LLC, Mountain Vie...

1. A computer-implemented method, comprising:
establishing and participating, by a first user computing device and one or more second user computing devices via a remote server computing device, in an audio/video conference session; and
during the established audio/video conference session:
detecting, using a camera of the first user computing device, a digital watermark displayed by a display of a computing system that is distinct from the first user computing device and is not participating in the established audio/video conference session, the digital watermark being a visual indicator that is detectable by the camera of the first user computing device;
determining, by the first user computing device, a unique identifier for the computing system based on the digital watermark; and
automatically coordinating, by the first user computing device and using the unique identifier, the addition of the computing system to the established audio/video conference session.

US Pat. No. 10,142,373

SECURITY-CONNECTED FRAMEWORK

McAfee, LLC, Santa Clara...

1. A security controller apparatus for providing messaging services on a data exchange layer (DXL), comprising:
a memory communicatively coupled to one or more processors;
a network interface;
a DXL services engine operable for providing an application programming interface (API) for connecting to a DXL enterprise service bus (ESB) via the network interface, wherein the DXL is configured to provide a context-aware producer-consumer framework on a service-oriented architecture; and
a domain security engine operable for consuming security events via the DXL, and configured for:
subscribing to a DXL security topic as a DXL consumer;
consuming a security event related to the DXL security topic via the DXL ESB;
as a DXL producer, publishing a DXL security message via the DXL ESB, wherein the DXL security message is configured to enable a DXL consumer to act on the security message;
consolidating a plurality of DXL messages;
building a context-sensitive security policy, comprising assigning a location-independent security policy to a DXL endpoint, and publishing the assignment via a DXL message;
publishing the context-sensitive security policy via a DXL message; and
providing security information and event management (SIEM) services according to the DXL security message, comprising pooling data from a plurality of dissimilar resources and normalizing the data for consumption via the DXL.

US Pat. No. 10,142,372

METHODS AND SYSTEMS FOR PROTECTING A SECURED NETWORK

Centripetal Networks, Inc...

1. A method comprising:
receiving, by a server and from a first computing device, a first security update comprising a first set of network addresses;
updating, by the server, one or more rules stored in a memory of the server to include the first set of network addresses;
receiving, by the server and from a second computing device, a second security update comprising a second set of network addresses;
determining, by the server, that the second set of network addresses includes at least a portion of network addresses included in the first set of network addresses;
responsive to determining that the second set of network addresses includes the at least a portion of network addresses included in the first set of network addresses:
identifying, by the server, the at least a portion of network addresses included in the first set of network addresses;
identifying, by the server, at least one of the one or more rules stored in the memory of the server that specifies a range of network addresses comprising the at least a portion of network addresses included in the first set of network addresses; and
updating, by the server, the at least one of the one or more rules to include one or more other network addresses included in the second set of network addresses;
transmitting, by the server and to at least one packet security gateway, at least one of the one or more updated rules:
causing executing, by the packet security gateway and on a packet by packet basis, one or more rules in time-shifted phases, wherein the executing comprises:
executing, by the at least one packet security gateway, a first rule during a first period of time based on a first subset of network addresses:
executing, by the at least one packet security gateway, a second rule during a second period of time based on a second subset of network addresses: and
executing, by the at least one packet security gateway, a third rule during a third period of time based on a third subset of network addresses,
wherein the first period of time is followed by the second period of time, and the second period of time is followed by the third period of time, and
wherein the first subset of network addresses is smaller than the second subset of network addresses, and the second subset of network addresses is smaller than the third subset of network addresses.

US Pat. No. 10,142,371

AUTHORIZATION POLICY CUSTOMIZATION AND AUTHORIZATION POLICY LOCKDOWN

ORACLE INTERNATIONAL CORP...

1. A computer-implemented method comprising:
receiving, from an administrative computer within a cloud services environment, a request to upgrade a cloud service application associated with a plurality of authorization policy artifacts, wherein:
upgrading the cloud service application comprises upgrading the plurality of authorization policy artifacts,
the cloud service application is provided as a service to a plurality of companies,
the plurality of authorization policy artifacts comprise customized authorization policy artifacts that are customized for at least one of the plurality of companies, and
the plurality of authorization policy artifacts comprise non-customized authorization policy artifacts that are not customized for any of the plurality of companies;
in response to receiving the request to upgrade the cloud service application, analyzing the plurality of authorization policy artifacts to identify a first subset of the plurality of authorization policy artifacts comprising the non-customized authorization policy artifacts and a second subset of the plurality of authorization policy artifacts comprising the customized authorization policy artifacts;
upgrading the first subset of the plurality of authorization policy artifacts based on the analyzing the plurality of authorization policy artifacts;
requesting input for the second subset of the plurality of authorization policy artifacts based on the analyzing the plurality of authorization policy artifacts; and
upgrading the second subset of the plurality of authorization policy artifacts based on the input.

US Pat. No. 10,142,370

METHODS AND APPARATUS FOR GENERATING AND USING SECURITY ASSERTIONS ASSOCIATED WITH CONTAINERS IN A COMPUTING ENVIRONMENT

VMWARE, INC, Palo Alto, ...

34. A method, comprising:
obtaining a container image from a repository by a processor of a relying party during an execution phase;
obtaining, by executing an instruction with the processor during the execution phase, a security assertion document associated with the container image, the security assertion document having been generated at a first time, the security assertion document being separate from the container image, the container image unaltered by the generation of the security assertion document at the first time, and the security assertion document including:
a container image reference indicative of the container image from which the security assertion document was generated;
a container assessable description indicative of a plurality of unassembled parts, the unassembled parts to be assembled based on the container image to form a container for execution in a host environment, and the unassembled parts including a property;
an assessment policy reference indicative of an assessment policy, wherein the assessment policy includes a rule specifying an expected value of the property; and
a security assertion generated based on the property and based on the rule;
determining, by executing an instruction with the processor during the execution phase, whether an assessed value of the property of one of the plurality of unassembled parts matches the expected value of the property; and
in response to determining that the assessed value matches the expected value, executing the container in the host environment at a second time, wherein the second time is subsequent to the first time.

US Pat. No. 10,142,369

METHOD AND SYSTEM FOR PROCESSING A STREAM OF INFORMATION FROM A COMPUTER NETWORK USING NODE BASED REPUTATION CHARACTERISTICS

ThreatMETRIX PTY LTD, Ch...

1. A method, implemented in a computer system that includes at least one processor and at least one storage device, for determining a reputation of a node in a context using information received electronically from a plurality of submitters, the method comprising:
receiving, using the at least one processor, first information about one or more nodes from a first submitter of the plurality of submitters and second information about one or more nodes from a second submitter of the plurality of submitters, the one or more nodes being associated with a network;
identifying, using the at least one processor, a first reputation of the first submitter in the context and a second reputation of the second submitter in the context from a knowledge base,
wherein a reputation of a submitter in a given context is based at least on assertions associated with past behavior of the submitter in the given context and attributes from each of the other submitters of the plurality of submitters, each assertion from each submitter of the other submitters of the plurality of submitters weighted by a reputation of the submitter in the given context;
calculating, using the at least one processor, a node reputation of the node in the context based upon at least the first reputation of the first submitter in the context and the first information received from the first submitter and the second reputation of the second submitter in the context and the second information received from the second submitter,
wherein the node reputation of the node in a context is determined by calculating a sum of assertions from the submitter with respect to the context weighted by each submitter's reputation in the context, wherein the node reputation is expressed as a rational number based on normalized assertions, wherein a normalized assertion is expressed as:

where A denotes an assertion, Asxc is an assertion submitted by a submitter S in a context C about node X, and Asic is an assertion submitted by submitter S about node i, i=1 to n, and n is an integer;
transferring, using the at least one processor, the node reputation to a user of the computer system, and
developing and/or updating a knowledgebase intrusion detection system by applying the calculated node reputation.

US Pat. No. 10,142,368

FACILITATING REMOTE ACCESS OF DEVICES IN A SECURE ENVIRONMENT

UNITED PARCEL SERVICE OF ...

1. A computer implemented method, operated via a computer memory, comprising:
receiving via a first encrypted connection using a first protocol, at a computing device running an application belonging to a first domain, cross-domain communication comprising a request for instructions for a peripheral device belonging to a second domain distinct from the first domain, the instructions comprising instructions for printing that include a native command language of the peripheral device, wherein the peripheral device is connected to a user computing entity and comprises a printer, scanner or a scale;
providing, from the application to a server outside of the second domain, the request for instructions over a second connection using a second protocol, wherein the server is located in a third domain distinct from the first and second domain, the first protocol is Hyper Text Transfer Protocol Secure and the second protocol is a remote method invocation (RMI);
responsive to receiving the request at the server, providing, from the server to the application, shipping or labeling information comprising the instructions over the second connection using the second protocol; and
providing, to the user computing entity, the shipping or labeling information comprising the instructions over the first encrypted connection using the first protocol for facilitating package shipping and remote control of the peripheral device.

US Pat. No. 10,142,367

SYSTEM AND METHOD FOR CREATION, DEPLOYMENT AND MANAGEMENT OF AUGMENTED ATTACKER MAP

ILLUSIVE NETWORKS LTD., ...

1. A system for network surveillance to detect attackers, comprising:
a deception management server within a network of resources, comprising a deployment module managing and planting one or more decoy lateral attack vectors in one or more of the resources in the network, wherein a lateral attack vector is an object in memory or storage of a first resource in the network that may be used to access a second resource in the network; and
one or more decoy servers accessible from resources in the network, each decoy server comprising:
an alert module that issues an alert when a specific resource in the network accesses the decoy server via one or more of the decoy lateral attack vectors planted in the specific resource by said deployment module; and
a delay module, purposely delaying incoming connections to the decoy server while a resource accesses the decoy server, in order to allow additional time to monitor activity on the decoy server.

US Pat. No. 10,142,366

METHODS, SYSTEMS AND DEVICES TO MITIGATE THE EFFECTS OF SIDE EFFECT URLS IN LEGITIMATE AND PHISHING ELECTRONIC MESSAGES

VADE SECURE, INC., San F...

1. A computer-implemented method, comprising:
receiving and storing an electronic message, in a memory of a computing device coupled to a computer network, the electronic message containing a uniform resource locator (URL);
parsing the URL in the electronic message stored in the memory of the computing device and identifying at least one original parameter in the URL, the at least one original parameter comprising a sequence of characters;
determining a length of the at least one original parameter;
determining a statistical distribution of lowercase letters, uppercase letters and/or numbers of the at least one original parameter;
determining a type of the identified at least one original parameter, the determined type being one of a plurality of predetermined types of parameters only when the length of the at least one original parameter is determined to be at least a predetermined minimum length and when the statistical distribution is determined to be consistent with normal distributions of such lowercase letters, uppercase letters and/or numbers;
transforming the identified at least one original parameter according to one of a plurality of parameter transformation rules selected according to the determined type to generate at least one transformed parameter;
reassembling the URL by substituting the at least one transformed parameter for the at least one original parameter;
accessing, over the computer network, the website pointed to by the reassembled URL using the at least one transformed parameter if the reassembled URL meets a predetermined minimum criterion,
foregoing accessing the reassembled URL if the reassembled URL does not meet the predetermined minimum criterion; and
analyzing a response of the accessed website to the at least one transformed parameters to determine whether the URL is a side effect URL.

US Pat. No. 10,142,365

SYSTEM AND METHODS FOR RESPONDING TO CYBERSECURITY THREATS

The Boeing Company, Chic...

1. A cyber-security monitoring (CSM) computer device for responding to cybersecurity threats, said CSM computer device comprising a processor in communication with a memory, said processor configured to: monitor a virtual network including a plurality of virtual machines; detect a cybersecurity threat to a first virtual machine of the plurality of virtual machines; generate a second virtual machine based on an uncompromised version of the first virtual machine; adjust the second virtual machine to resist the cybersecurity threat; disconnect the first virtual machine from the virtual network to prevent communication between the first virtual machine and the plurality of virtual machines included in the virtual network; connect the second virtual machine to the virtual network in place of the first virtual machine, and subsequent to the disconnect of the first virtual machine, spoof one or more commands from the first virtual machine in response to the cybersecurity threat.

US Pat. No. 10,142,364

NETWORK ISOLATION BY POLICY COMPLIANCE EVALUATION

Upguard, Inc., Mountain ...

1. A method comprising:
maintaining, in an internal network, a plurality of internal nodes, each node of the plurality of internal nodes comprising a corresponding node configuration;
receiving, at the internal network, network traffic from an outside network;
analyzing, by a node of the internal network, the node configuration of a first node of the internal network and the received network traffic;
calculating, in real-time and based on the analysis of the node configuration, a network vulnerability score, the network vulnerability score measuring the vulnerability of the network to malicious action;
determining if the network vulnerability score is below a vulnerability threshold;
responsive to determining that the network vulnerability score is below the vulnerability threshold, isolating the internal network from the outside network by instructing a DNS server of the internal network to prevent resolution of DNS requests from the outside network; and
after isolating the internal network:
reconfiguring the first node of the internal network;
simulating the received network traffic on the isolated network including the reconfigured first node;
calculating a simulated network vulnerability score based on the simulated received network traffic and measuring the expected vulnerability of the network to malicious action if the network were not isolated from the outside network; and
in response to the simulated network vulnerability score exceeding the vulnerability threshold, reversing the isolation of the internal network from the outside network.

US Pat. No. 10,142,363

SYSTEM FOR MONITORING AND ADDRESSING EVENTS BASED ON TRIPLET METRIC ANALYSIS

Bank of America Corporati...

1. A system for monitoring and addressing events based on triplet metric analysis, the system comprising:
one or more memory devices; and
one or more processing devices operatively coupled to the one or more memory devices, wherein the one or more processing devices are configured to execute computer-readable program code to:
transmit control signals to cause a vendor database system to continuously monitor a vendor database for a new data input and, in response to identifying the new data input, automatically transmit the new data input to the system, wherein the new data input comprises at least a threat actor, a threat means, and a targeted asset;
receive the new data input from the vendor database system, wherein the new data input comprises unformatted text of prose-form messages;
apply an optical character recognition process to the unformatted text of prose-form messages to extract and identify the threat actor, the threat means, and the targeted asset;
identify a threat actor value based on a comparison of the threat actor to an actor value database, wherein the threat actor value comprises a scalar representation of capabilities of the threat actor;
identify a threat means value based on a comparison of the threat means to a means value database, wherein the threat means value comprises a scalar representation of effectiveness of the threat means;
identify a targeted asset value based on a comparison of the targeted asset to an asset value database, wherein the targeted asset value comprises a scalar representation of exposure potential of the targeted asset;
calculate a threat-based exposure value with a threat-based exposure model that is based at least on the identified threat actor value, the identified threat means value, and the identified targeted asset value, wherein the threat-based exposure model comprises:
R=|avb|sin(?)sin(?)
wherein:
R is the threat-based exposure value calculated with the threat-based exposure model;
a is the identified threat actor value;
v is the identified threat means value;
b is the identified targeted asset value;
? is a degree of relation between the threat actor and the threat means; and
? is a degree of relation between the targeted asset and a combination of the identified threat actor and the identified threat means;
calculate a total threat-based exposure value as a sum of R and a plurality of different threat-based exposure values associated with different combinations of threat actors, threat means, and targeted assets;
in response to calculating the threat-based exposure value, transmit control signals configured to cause a computing device system associated with a user to display a three-dimensional representation of the threat-based exposure model;
receive, from the user interface of the computing device system associated with the user, instructions to print the threat-based exposure model; and
in response to receiving instructions to print the threat-based exposure model, transmit control signals configured to cause a three-dimensional printer system to print the threat-based exposure model.

US Pat. No. 10,142,362

CLOUD BASED SYSTEMS AND METHODS FOR DETERMINING SECURITY RISKS OF USERS AND GROUPS

Zscaler, Inc., San Jose,...

1. A method comprising:
monitoring and managing, by one or more servers in a cloud-based security system, entities comprising users or groups of users via an in-line manner where the entities connect to the Internet through the cloud-based security system and where the cloud-based security system is external from the entities and associated enterprise networks, wherein the in-line manner comprises traffic between an entity and the Internet being processed through the cloud-based security system;
maintaining logs of transactions monitored through the cloud-based security system via the in-line manner;
obtaining a plurality of attributes from the transactions while excluding impossible comparison items from the transactions;
performing empirical scoring on normalizing the plurality of attributes for ranking risky entities, wherein the empirical scoring comprises categorizing violations detected via the in-line manner and based on security policy into categories and applying modifiable weightings thereto and determining a risk score as a weighted combination of normalized scores for each of the categories, wherein the categories are related to infections, malware, and suspicious behavior, wherein the weighted combination includes weights for severity of the categories and for length of time of infection of each category;
identifying the risky entities based on one of the empirical scoring and analytics; and
updating policies and/or monitoring for the risky entities in the cloud-based security system based on the identifying, wherein the updated policies adjust what functionality the risky entities are allowed to perform on the Internet enforced via the in-line manner by the cloud-based security system, and wherein the updated monitoring intensifies the monitoring via the cloud-based security system.

US Pat. No. 10,142,361

LOGIN CREDENTIAL ALERT SYSTEM

VISA INTERNATIONAL SERVIC...

1. A method comprising:
receiving, by a first computer from an internet traffic monitoring computer, a decrypted username associated with a data breach at a first organization, wherein the internet traffic monitoring computer performed steps including:
receiving an encrypted username from a transaction computer, issuer computer, organization or other internet accessible resource provider, or third party computer,
decrypting the encrypted username to generate the decrypted username, and
transmitting the decrypted username to the first computer;
comparing, by the first computer, the decrypted username with previously received usernames from a plurality of organizations;
identifying, by the first computer, a second organization from the plurality of organizations at which the decrypted username is used;
encrypting, by the first computer, an alert using an encryption key; and
transmitting, by the first computer, the encrypted alert to a second computer associated with the second organization, the encrypted alert comprising the decrypted username, and the encrypted alert indicating that the decrypted username used at the second organization has been compromised for enhancing data security at the second organization.

US Pat. No. 10,142,360

SYSTEM AND METHOD FOR ITERATIVELY UPDATING NETWORK ATTACK MITIGATION COUNTERMEASURES

Arbor Networks, Inc., Bu...

1. A computer-implemented method to mitigate a malicious network attack, the method comprising:
receiving an attack alert that a network attack has been detected;
saving a sample of captured network traffic in response to the attack alert;
playing back the sample while applying a playback countermeasure to the captured network traffic to block sample segments from the sample;
analyzing at least one of the blocked sample segments and throughput sample segments that are not blocked; and
adjusting the playback countermeasure in response to a result of the analyzing.

US Pat. No. 10,142,359

SYSTEM AND METHOD FOR IDENTIFYING SECURITY ENTITIES IN A COMPUTING ENVIRONMENT

AWAKE SECURITY, INC., Mo...

1. A method for identifying a security entity in a computing environment, comprising:
monitoring a communication between a user computer and at least one destination computer by a security appliance executed on a computing device;
extracting a plurality of selective information from the communication by the security appliance;
identifying at least one security entity based on a subset of the selective information, wherein the subset of the selective information belonging to a first time interval;
confirming an identity of the identified at least one security entity as valid for the first time interval, based on an association between a decisive identifier and the identified at least one security entity during the first time interval;
evaluating another subset of selective information belonging to a second time interval and detecting the identified at least one security entity during the second interval, based on an association between the decisive identifier and the identity of the identified at least one security entity during the second time interval;
extending the association between the identified at least one security entity and the associated decisive identifier from the first time interval to the second time interval, based on the detection;
generating a knowledge graph for the identified at least one security entity based on the associated decisive identifier for a period extending from the first time interval to the second time interval; and
analyzing a network communication between the user computer and the at least one destination computer to detect a potential threat based on information included in the knowledge graph, wherein a result of analyzing the communication is utilized to generate information to update priority of analysis of incoming packets in further network communications between the user computer and the at least one destination computer.

US Pat. No. 10,142,358

SYSTEM AND METHOD FOR IDENTIFYING AN INVALID PACKET ON A CONTROLLER AREA NETWORK (CAN) BUS

SYMANTEC CORPORATION, Mo...

1. A method of detecting an invalid packet on a Controller Area Network (CAN) bus having a plurality of CAN nodes coupled thereto comprising:
monitoring a CAN identifier (CAN ID) of each packet sent by each CAN node;
identifying whether an ACK Slot bit of a monitored packet is set to “1” or “0;”
monitoring, for a predetermined time, in response to the ACK Slot bit set to “1,” for a subsequent packet possessing the same CAN ID;
storing, in response to the subsequent packet possessing a same CAN ID, the CAN ID in a first database having a listing for valid packets;
storing, in response to the subsequent packet possessing a different CAN ID, the different CAN ID in a second database having a listing for invalid packets;
monitoring, in response to the ACK Slot bit set to “0,” for a same CAN ID having an ACK Slot bit equal to “0” from a previously monitored packet;
storing, in response to an absence of the previously monitored packet having the same CAN ID having the ACK Slot bit equal to “1,” the CAN ID of the CAN ID having the Slot bit equal to “0” in the second database; and
disabling the invalid packet.

US Pat. No. 10,142,357

SYSTEMS AND METHODS FOR PREVENTING MALICIOUS NETWORK CONNECTIONS USING CORRELATION-BASED ANOMALY DETECTION

Symantec Corporation, Mo...

1. A computer-implemented method for preventing malicious network connections using correlation-based anomaly detection, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
monitoring computing activity within a network that includes a plurality of computing devices over a plurality of time periods;
while monitoring the computing activity within the network:
detecting, during a first time period, at least one network connection that involves at least one of the computing devices within the network;
determining that the network connection detected during the first time period is malicious based at least in part on telemetry data collected from a plurality of security products related to the computing device;
determining that no malicious network connections involving the computing device were detected during a second time period;
identifying a feature of the computing activity that:
occurred during the first time period; and
did not occur during the second time period;
determining that the feature is likely indicative of malicious network activity due at least in part to the feature having occurred during the first time period and not having occurred during the second time period;
detecting, after the first time period and the second time period, a presence of the feature in connection with a subsequent network connection at a subsequent point in time; and
in response to detecting the presence of the feature in connection with the subsequent network connection at the subsequent point in time:
classifying the subsequent network connection as malicious; and
performing at least one security action on the subsequent network connection attempted around the subsequent point in time.

US Pat. No. 10,142,356

CHANNEL DATA ENCAPSULATION SYSTEM AND METHOD FOR USE WITH CLIENT-SERVER DATA CHANNELS

ShieldX Networks, Inc., ...

1. A method comprising:
receiving, by a first security microservice, a first channel data encapsulation packet encapsulating a first encapsulation context and a first encapsulated data;
performing a security service on the first encapsulated data using the first encapsulation context, wherein the security service is one of a plurality of microservices used to secure traffic passing between applications and servers through a routing network;
receiving, by the first security microservice, a response from the second security microservice comprising a second security microservice context, a second timestamp, and a second load;
generating, by the first security microservice, a first timestamp and a first load, wherein the timestamps represent the duration of processing performed by the first and second microservices and the first and second loads represent the loading of the first and second microservices processing the encapsulated channel data, the loading being represented in either relative or absolute terms; and
transmitting, by the first security microservice, a response to the first channel data encapsulation packet, wherein the response includes the first timestamp and first load generated by the first security microservice, wherein the timestamp and load values are recorded to be used in load balancing decisions for future security service requests among microservices; and
wherein the first and second security microservices are implemented with computer-readable instructions stored in memory on a network security server, the memory coupled to one or more hardware processors executing the first and second security microservices.

US Pat. No. 10,142,355

PROTECTION OF TELECOMMUNICATIONS NETWORKS

TELUS Communications Inc....

1. A protection system for an internet service provider (ISP) network, wherein the ISP network is configured to relay packets between user devices connected to the ISP network and between the user devices and other internet devices, some of the user devices having threats that cause the respective user devices to send or receive threat-related packets, the protection system comprising:
an evaluation engine, the evaluation engine being configured to receive input signals including:
network-based statistics obtained from ISP network devices of the ISP network;
information obtained from analysis of traffic on the ISP network by ISP security devices of the ISP network; and
details of threats on the user devices from a security application on the user devices;
the evaluation engine being configured to perform analytics on information contained within the input signals by reference to technical specifications and configuration information of the ISP network devices and the ISP security devices to assess an overall threat level posed to the ISP network or a portion of the ISP network by the threats and determine whether an active threat that affects the reliability or security of the ISP network either on its own or in combination with other active threats on the user devices exists on any user device of the user devices and to produce a trigger output when such an active threat to the ISP network has been determined; and
protection devices of the ISP network, each protection device being configured to be responsive to the trigger output to take an action towards protection of the ISP network by mitigating the effect of the active threat that affects the reliability or security of the ISP network.

US Pat. No. 10,142,354

CLOUD-BASED COMMUNICATION ACCOUNT SECURITY

1. A method comprising:
receiving, by a computer system comprising a processor, over a network, a request to resolve a problem relating to a user device, wherein the request is received from one of a preinstalled application associated with the user device or from a user of the user device, and wherein the request comprises initial symptoms provided by the one of the preinstalled application associated with the user device or the user of the user device;
selecting, by the processor, based at least in part on the initial symptoms of the request provided by the one of the preinstalled application associated with the user device or the user of the user device, a diagnostic algorithm of a plurality of diagnostic algorithms to analyze data associated with the user device to identify symptoms of the problem and diagnose a cause of the symptoms identified, wherein the diagnostic algorithm, when executed by the processor, causes the processor to perform operations comprising
identifying applications that are generating traffic on the user device,
mapping network connections for the applications that are generating traffic on the user device, and
comparing the network connections for the applications that are mapped with preapproved network connections for the user device to diagnose at least one unapproved mapped network connection as the cause of the symptoms identified; and
searching, by the processor, to identify a solution to resolve the cause of the symptoms identified, wherein the solution to resolve the cause of the symptoms identified is based at least in part on diagnosis of the at least one unapproved mapped network connection as the cause of the symptoms identified.

US Pat. No. 10,142,353

SYSTEM FOR MONITORING AND MANAGING DATACENTERS

CISCO TECHNOLOGY, INC., ...

1. A system within a datacenter, comprising:
two or more sensors configured to:
capture a packet;
describe the packet in a packet log;
send the packet log to a collector;
the collector being configured to:
receive the packet logs from the two or more sensors;
determine that the packet logs describe a connection between two endpoints in a datacenter;
describe the connection in a flow log; and
an analytics module configured to:
determine a status of the datacenter, using any connections in the flow log;
detect an attack that originated from within the datacenter from at least the determined status of the datacenter; and
modify, in response to the detected attack, a security policy of the datacenter.

US Pat. No. 10,142,352

CONFIGURATION MANAGEMENT FOR VIRTUAL MACHINE ENVIRONMENT

International Business Ma...

1. A computer-implemented method for controlling a connection between a virtual machine and a physical device, the method comprising:
receiving, by a virtual machine managing server, a connection request for connecting the physical device to the virtual machine;
in response to receiving the connection request, determining, by the virtual machine managing server, whether the virtual machine satisfies a first connection permission condition and whether the physical device satisfies a second connection permission condition, wherein the second connection permission condition comprises a setting of a configuration of the physical device and a setting of a context of the physical device comprising a physical location of the physical device and a current time, wherein the physical location of the physical device is based on an internet protocol (IP) address of the physical device;
in response to a determination that the virtual machine does not satisfy the first connection permission condition, changing, based on a first instruction sent from an endpoint managing server, a configuration of the virtual machine to satisfy the first connection permission condition;
in response to a determination that the physical device does not satisfy the second connection permission condition, changing, based on a second instruction sent from the endpoint managing server, the configuration of the physical device to satisfy the second connection permission condition;
in response to a determination that the virtual machine satisfies the first connection permission condition and that the physical device satisfies the second connection permission condition, accepting, by the virtual machine managing server, the received connection request to connect the physical device to the virtual machine;
in response to accepting the received connection request, establishing a connection between the virtual machine and the physical device;
in response to establishing the connection between the physical device and the virtual machine, dynamically detecting a change in at least one selected from the group consisting of: the configuration of the virtual machine, a context of the virtual machine, the configuration of the physical device, and the context of the physical device;
determining that the dynamically detected change does not satisfy at least one of the first connection permission condition or the second connection permission condition; and
in response to the determination of the dynamically detected change, disconnecting the connection between the virtual machine and the physical device.

US Pat. No. 10,142,351

RETRIEVING CONTACT INFORMATION BASED ON IMAGE RECOGNITION SEARCHES

Google LLC, Mountain Vie...

1. A method for transmitting contact information to a requestor, the method comprising:
receiving, by one or more processors, from a requestor an image of a user, wherein the requestor and the user are different users;
identifying, by the one or more processors, the user in the image;
determining, by the one or more processors, a time associated with the image of the user;
retrieving, by the one or more processors, a permission rule associated with the identified user, the permission rule indicating a predetermined threshold of proximity between a location of the user and a location of the requester around the time associated with the image;
determining, by the one or more processors, whether the permission rule is satisfied; and
responsive to satisfying the permission rule, transmitting, by the one or more processors, the contact information of the user to the requestor.

US Pat. No. 10,142,350

INFORMATION PROCESSING APPARATUS PERMITTING EXECUTION OF AN APPLICATION PROGRAM BY A TERMINAL APPARATUS BASED ON A LOCATION OF THE TERMINAL APPARATUS, AND INFORMATION PROCESSING METHOD OF PERMITTING THE APPLICATION PROGRAM TO BE EXECUTED BY THE TERMINAL A

FUJITSU LIMITED, Kawasak...

1. An information processing apparatus configured to communicate with a terminal device, the information processing apparatus comprising:
a memory; and
a processor coupled to the memory and configured to
receive, from the terminal device, location information indicating a location at which the terminal apparatus is located,
transmit an application program, which includes a first function and a second function, to the terminal apparatus in accordance with the location information,
permit the terminal apparatus to execute the first function and the second function of the application program, when the location indicated by the location information is included in a first location range,
permit the terminal apparatus to execute the first function and prohibit the terminal apparatus to execute the second function, when the location indicated by the location information is not included in the first location range and is included in a second location range,
detect a quitting of the application program,
in a case in which the quitting of the application program is detected when the location indicated by the location information is included in the second location range, narrow the second location range, and
in a case in which the quitting of the application program is detected when the location indicated by the location information is outside of the second location range, extend the second location range.

US Pat. No. 10,142,349

VERIFYING NETWORK-BASED PERMISSIONING RIGHTS

Palantir Technologies Inc...

1. A method of verifying permissioning rights to one or more data resources associated with a data processing platform, the method being performed using one or more processors and comprising:
receiving, from a client device, an assertion statement identifying a user, a data resource and an operation performable with respect to the data resource;
the operation performable with respect to the data resource comprising a read operation or a view operation;
applying the received assertion statement to a network database storing an access control list defining, for each of a plurality of data resources associated with the data processing platform, one or more users having permission to perform one or more operations on the respective data resource, wherein applying the assertion statement is effective to determine if the received assertion statement is true or false in relation to said data resource identified in the assertion statement, by determining a first data structure comprising an assertion tree for said data resource, the assertion tree comprising an expected hierarchical resource graph that represents permissions of the identified data resource and of one or more dependencies of the identified data resource, that would make the assertion statement true, determining a second data structure comprising a corresponding hierarchical resource graph that represents part of the access control list, and comparing the first data structure with the second data structure to determine if the assertion statement is true or false; and
in the event that the assertion is false, generating an error message for output.

US Pat. No. 10,142,348

ENHANCED DATA INTERFACE FOR CONTACTLESS COMMUNICATIONS

Visa International Servic...

1. A method comprising:
receiving, by a hardware communication device, a request for available applets from a hardware device;
providing, by the hardware communication device, a list of available applets including trusted applet identifiers and untrusted applet identifiers to the hardware device;
receiving, by the hardware communication device, a selection of an untrusted applet identifier from the list and an entity identifier associated with the hardware device, wherein the selection of the untrusted applet identifier from the list is determined based on a highest priority applet of the available applets supported by the hardware device;
validating, by the hardware communication device, that the hardware device is authorized to access credentials associated with the selected untrusted applet identifier by comparing the entity identifier to a list of trusted entity identifiers; and
providing, by the hardware communication device, the credentials associated with the selected untrusted applet identifier to the hardware device.

US Pat. No. 10,142,347

SYSTEM FOR CENTRALIZED CONTROL OF SECURE ACCESS TO PROCESS DATA NETWORK

BANK OF AMERICA CORPORATI...

12. A method for supporting and controlling access to a private block chain within a private block chain distributed network, the method comprising:
receiving, by one or more processing devices, a request from a user utilizing a node to access the private block chain, wherein the request includes received authentication credentials, wherein the private block chain network comprises a distributed network of nodes managed by one or more entities, wherein nodes from the distributed network of nodes are operatively coupled to each other, have at least a portion of a private ledger, and share information on the ledger through electronic communication, and wherein the received authentication credentials comprises user authentication credentials and node authentication credentials;
comparing, by the one or more processing devices, the received authentication credentials with stored authentication credentials for the user and the node;
allowing, by the one or more processing devices, the user to access the private block chain distributed network when the received authentication credentials meet the stored authentication credentials for the user and the node;
determining, by the one or more processing devices, one or more types of actions that the user is allowed to, or prevented from, taking based on the comparison of the received authentication credentials with the stored authentication credentials;
receiving, by the one or more processing devices, an indication that the user took an action for an event within the private block chain, wherein the action occurred on the node from the distributed network of nodes, and wherein the action is validating the event using event information on the private ledger of the node from the distributed network of nodes of the private block chain, storing the event information for the event on the private ledger of the node from the distributed network of nodes of the private block chain, or disseminating the event information for the event on the private ledger of the node to one or more other nodes of the distributed network of nodes of the private block chain; and
determining, by the one or more processing devices, limits, wherein the limits comprise one or more user limits, one or more node limits, one or more entity limits, one or more event limits, and one or more action limits;
comparing, by the one or more processing devices, the action taken and the user, the node, an entity associated with the user, and the event associated with the action to the limits, including the one or more user limits, the one or more node limits, the one or more entity limits, the one or more event limits, and the one or more action limits; and
allowing or denying, by the one or more processing devices, the action based on the determination of the one or more types of actions that the user is allowed to, or prevented from, taking based on the comparison of the received authentication credentials with the stored authentication credentials and based on the comparison of the action and the user, the node, the entity, and the event associated with the action to the limits.

US Pat. No. 10,142,346

EXTENSION OF A PRIVATE CLOUD END-POINT GROUP TO A PUBLIC CLOUD

CISCO TECHNOLOGY, INC., ...

1. A method of extending a private cloud to a public cloud, the method comprising:
establishing, by an orchestrator, a virtual private network between a private cloud and a public cloud, wherein the private cloud is behind a firewall;
receiving, by the orchestrator, one or more access control lists provisioned by the private cloud;
determining, by the orchestrator, contracts between an end point group of the private cloud and an end point group of the public cloud based on the one or more access control lists;
extending, by the orchestrator, the end point group of the private cloud to the end point group of the public cloud across the virtual private network; and
monitoring and troubleshooting, by the orchestrator, the end point group of the public clouds and associated public endpoints of the public cloud.

US Pat. No. 10,142,345

METHOD AND APPARATUS FOR MULTI-USERS REGISTERING HOME NETWORK SUPPORTING APPLICATION BASED DEVICE

Samsung Electronics Co., ...

1. A method for registering a device supporting home networking, by a server, the method comprising:
receiving, from a first device, a registration request message for a second device, wherein the registration request message includes device information of the second device;
identifying that the second device is not registered based on the device information of the second device;
registering the second device based on confirming a first authentication code of the second device;
obtaining a first re-registration authentication code of the second device when the first authentication code of the second device is confirmed;
mapping the first re-registration authentication code to the device information of the second device; and
transmitting, to the first device, a completion message for the registration procedure for the second device.

US Pat. No. 10,142,344

CREDENTIAL MANAGEMENT SYSTEM

HRB Innovations, Inc., L...

1. A method of securely caching a user's credentials for subsequent reuse, comprising the steps of:
automatically, based on a sign on by the user, determining whether a user-locked file containing credentials for the user exists in a location hidden from the user;
if the user-locked file containing credentials for the user does not exist:
automatically creating, in the location hidden from the user, using a first system-locked stored procedure, the user-locked file containing credentials, wherein the credentials will be utilized to access a shared, secure resource;
if the user-locked file containing credentials for the user does exist:
reading, using a second system-locked stored procedure, the user's credentials from the user-locked file;
populating the user's credentials into one or more variables accessible from a stored procedure run by the user; and
accessing, from the stored procedure run by the user, the shared, secure resource using the user credentials stored in the one or more variables.

US Pat. No. 10,142,343

UNAUTHORIZED ACCESS DETECTING SYSTEM AND UNAUTHORIZED ACCESS DETECTING METHOD

NIPPON TELEGRAPH AND TELE...

1. An unauthorized access detecting system, comprising:
processing circuitry configured to
generate authentication information that is used to log in to a predetermined server,
set the generated authentication information generated on a predetermined analyzing host and cause a program to be analyzed to operate on the predetermined analyzing host, wherein the program is allowed access to the set authentication information,
detect unauthorized access to a content at a predetermined server using the authentication information,
obtain a program corresponding to the authentication information by referring to a table stored in a memory, the table prescribing correspondence between the authentication information and the program, and
identify, as a program that leaks out information, the program that operates on the predetermined analyzing host set with the authentication information if unauthorized access using the authentication information has been detected.

US Pat. No. 10,142,342

AUTHENTICATION OF CLIENT DEVICES IN NETWORKS

Extreme Networks, Inc., ...

1. A method comprising:
receiving identity information at an edge configuration device from a physical end device via a connection, wherein the identity information identifies the physical end device or one or more users associated with the physical end device, and wherein the identity information includes a request for permission for the physical end device to access a Shortest Path Bridging (SPB) network;
sending a request from the edge configuration device over the SPB network to an access control server connected to the SPB network in response to receiving the identity information, wherein the request requests authentication for the physical end device;
receiving authentication at the edge configuration device from the access control server for the physical end device to connect to the SPB network;
receiving network configuration information at the edge configuration device from the access control server in response to sending the request for authentication; and
using the network configuration information to configure the edge configuration device for use with one or more virtual local area networks (VLANs) of the SPB network for use with the physical end device.

US Pat. No. 10,142,341

APPARATUS, SYSTEM AND METHOD FOR WEBRTC

NEC Corporation, Tokyo (...

1. An authentication method in a communication system, the method comprising:
sending a token from a WWSF (WebRTC (Web Real Time Communication) Web Server Function) to a UE (User Equipment) in an IMS (IP (Internet Protocol) Multimedia Subsystem) registration, wherein the token is generated by binding an IMPU (IMS public user identity) to a webRTC ID (Identity) received by the WWSF from the UE, and the token is transmitted from the WWSF to the UE;
sending a REGISTER message with the token from the UE to an eP-CSCF (enhanced Proxy-CSCF (Call Session Control Function));
verifying the token by the eP-CSCF, the token having an effective time;
forwarding the REGISTER message from the eP-CSCF to an S-CSCF (Serving-CSCF);
receiving a subscription profile from an HSS (Home Subscriber Server) to the S-CSCF; and
sending a 200 OK message from the S-CSCF to the UE via the eP-CSCF.

US Pat. No. 10,142,340

SYSTEM FOR DETECTION AND IDENTIFICATION OF ELECTRONIC DEVICES AND ALLOCATION OF PROXY IDENTIFIERS FOR SAME

Bank of America Corporati...

1. A system for detection and identification of electronic devices and allocation of proxy identifiers for the same, the system comprising:
a memory;
a processor; and
a module stored in the memory, executable by the processor, and when executed by the processor, causes the process to:
detect one or more electronic devices within a wireless network range;
identify the one or more electronic devices within the wireless network range, comprising:
matching the one or more electronic devices with one or more entries in a database of users;
determine that the one or more electronic devices has stored thereon one or more credentials;
access the one or more credentials;
copy the one or more credentials from the one or more electronic devices to a secure digital lock box;
detect that the one or more credentials have been copied to the secure digital lock box;
based on detecting that the one or more credentials have been copied to the secure digital lock box, permanently delete the one or more credentials from the one or more electronic devices;
allocate proxy identifiers corresponding to the one or more credentials;
initiate storage of the allocated proxy identifiers on the one or more electronic devices;
detect that the one or more electronic devices have attempted to perform a transaction that requires the use of the one or more credentials; and
based on detecting that the one or more electronic devices have attempted to perform a transaction that requires the use of the one or more credentials, initiate use of the proxy identifiers by the one or more electronic devices instead of use of the one or more credentials.

US Pat. No. 10,142,338

SYSTEMS AND METHODS FOR ONLINE THIRD-PARTY AUTHENTICATION OF CREDENTIALS

ID.me, Inc., McLean, VA ...

1. A computer-implemented method for online authentication of online attributes, the method including:
receiving, at a server over an electronic network, an authentication request from a relying party, the authentication request including identity information to be authenticated and credential information to be authenticated;
determining, by the server, whether a user account is associated with the received identity information by accessing an internal database;
accessing, by the server from the internal database, user data of the user account determined to be associated with received identity information;
determining, by the server, authentication data to be obtained from a user associated with the user account based on the user data of the user account and the credential information to be authenticated;
transmitting, by the server over the electronic network to the user, a request for authentication data;
determining, by the server, an assurance level associated with the authentication request based on the authentication request and the relying party, wherein a single-factor authentication is required for lower assurance levels and a multi-factor authentication is required for higher assurance levels;
receiving, at the server over the electronic network, authentication data associated with the user, wherein the authentication data is associated with a lifetime value, wherein the lifetime value identifies a length of time the authentication data is valid, wherein the authentication data further includes a status identifier, wherein the status identifier includes one of a pending, active, suspended, and revoked status, wherein the status identifier is placed in the revoked status after receiving and authenticating a revocation request;
transmitting, by the server over the electronic network to a verification data source server, authentication data associated with the user; and
receiving, at the server over the electronic network, an authentication result from the verification data source server for the user associated with authentication data.

US Pat. No. 10,142,337

HARDWARE IDENTIFICATION THROUGH COOKIES

Uniloc 2017 LLC, Wilming...

6. A non-transitory computer readable medium which includes one or more processors, and a memory, the computer readable medium including computer instructions which are configured to cause a server computer, by execution of the computer instructions in the one or more processors from the memory, to recognize a given remotely-located device as either a known device or an unknown device by:
receiving, from the given device, a device identifier generated by hashing multiple cookies supplied from at least two different hosts which cookies are stored on the given device;
determining an amount of correlation between the device identifier of the given device and corresponding previously stored identifiers of each of one or more other devices; and
determining that the given device is a known device upon a condition in which the amount of correlation is at least a predetermined threshold.

US Pat. No. 10,142,336

COMMUNICATION SYSTEM AND METHOD

SCHNEIDER ELECTRIC INDUST...

1. A communication analysis method implemented in a first device configured to receive communication frames originating from a second device, said first device and said second device being configured to establish a communication between themselves in a secure communication session, said method comprising:
storing parameters corresponding to the communication established with the second device during the secure communication session;
analyzing, in response to receiving a communication frame originating from the second device, the parameters of the communication during the reception of the communication frame in relation to the parameters stored for said communication; and
determining a renewal or a maintenance of the secure communication session according to the analysis carried out,
wherein the first device is a server including a microprocessor and the second device is a sensor with a microcontroller and a transmitter, and
wherein the communication is a cryptographic communication in a wireless environment,
wherein the analyzing further comprises checking a level of confidence assigned to the second device and when the level of confidence is downgraded in the event of inconsistency between the parameters of the communication during the reception of the communication frame and the parameters stored for said communication, renegotiating a new session key for the secure communication session.

US Pat. No. 10,142,335

DYNAMIC INTRINSIC CHIP IDENTIFICATION

International Business Ma...

1. A method for intrinsic chip identification, comprising:
receiving first counter information from a device;
determining whether the first counter information matches second counter information;
enabling authentication in response to the first counter information matching the second counter information;
receiving a first set of frequencies from the device, wherein the first set of frequencies are selected based on the first counter information;
determining whether each frequency of the first set of frequencies is within a predetermined range of a corresponding frequency of a second set of frequencies, wherein the second set of frequencies are selected based on the second counter information;
selecting a challenge response pair comprising a challenge and a response as a result of each frequency of the first set of frequencies being within the predetermined range of a corresponding frequency of the second set of frequencies;
transmitting the challenge to the device in response to selecting the challenge response pair;
receiving the response as a result of the challenge being sent to the device;
determining whether the response matches an expected response; and
granting authentication as a result of the response matching the expected response.

US Pat. No. 10,142,334

COMMUNICATING APPARATUS, METHOD, AND COMMUNICATING SYSTEM

RICOH COMPANY, LTD., Tok...

1. A communicating apparatus that communicates with at least one terminal device, the communicating apparatus comprising:
circuitry configured to
capture an image,
authenticate a person in the image that has been captured,
determine a direction of the person based on a result of authenticating the person, and control transmission of a radio wave in the determined direction to connect the terminal device to a network, and
communicate with the terminal device connected to the network by using access information included in the transmitted radio wave, wherein
the circuitry is further configured to
calculate a size of a room in which the person is located in each direction based on the image, and calculate a size of an area based on the calculated size of the room,
adjust a transmission area of the radio wave according to the size of the area, and
control the radio wave to reach an entirety of the area and adjust radio wave intensity so as to not transmit the radio wave outside of the area.

US Pat. No. 10,142,333

BIOMETRIC REFERENCE TEMPLATE RECORD

WELLS FARGO BANK, N.A., ...

1. A method, comprising:
receiving, by an authentication computing system, a biometric reference sample and a user identifier, the user identifier uniquely identifying a user from whom the biometric reference sample was captured;
processing, by the computing system, the biometric reference sample to generate biometric data;
tokenizing, by the computing system, the biometric data using a first tokenization schema;
tokenizing, by the computing system, the biometric reference sample using a second tokenization schema;
generating, by the computing system, a reference template, the reference template including the tokenized biometric data;
generating, by the computing system, a biometric reference template record, the biometric reference template record including:
a template record identifier uniquely identifying the biometric reference template record, the template record identifier being associated with the user identifier,
the reference template,
a first identifier identifying that the reference template includes tokenized biometric data, and
a second identifier identifying that the reference template includes tokenized reference sample;
digitally signing, by the computing system, the reference template using SignedData cryptographic message syntax to generate a SignedData message;
binding, by the computing system, a third identifier to the SignedData message via an attribute of the SignedData message, the third identifier identifying the first tokenization schema, wherein the attribute includes a first uniform resource identifier query string, the first uniform resource identifier query string including a first uniform resource locator identifying a first tokenization service provider capable of recovering the biometric data from the tokenized biometric data; and
binding, by the computing system, a fourth identifier to the SignedData message via an attribute of the SignedData message, the fourth identifier identifying the second tokenization schema, wherein the attribute includes a second uniform resource identifier query string, the second uniform resource identifier query string including a second uniform resource locator identifying a second tokenization service provider capable of recovering the biometric reference sample from the tokenized biometric reference sample.

US Pat. No. 10,142,332

METHOD AND APPARATUS FOR A WEARABLE BASED AUTHENTICATION FOR IMPROVED USER EXPERIENCE

Samsung Electronics Co., ...

1. A wearable device, comprising:
at least one transceiver, in the wearable device, the transceiver configured to communicate with a client device or a cloud based server; and
processing circuitry, in the wearable device, coupled to the transceiver, the processing circuitry configured to:
identify a pairing between the wearable device and the client device;
identify attributes of a first user of the wearable device, wherein at least one of the attributes is a biometric, wherein the first user is one of a plurality of users of the wearable device, and wherein at least one of the plurality of users of the wearable device is an authorized user of the client device;
compare the identified attributes of the first user to attributes corresponding to each one of a plurality of user profiles for the plurality of users of the wearable device stored in a memory element of the wearable device;
determine if the identified attributes of the first user match a first or a second profile of the plurality of user profiles stored in the memory element of the wearable device;
responsive to the identified attributes of the first user matching the first profile, determine if the first profile provides authorization for the first user to access the client device and authorization to access first specific functions of the client device;
responsive to the first profile providing authorization to access the client device and authorization to access first specific functions, send a message to unlock the client device and allow access to the first specific functions;
responsive to the identified attributes of the first user matching a second profile, determine if the second profile provides authorization to access the client device and authorization to access second specific functions of the client device;
responsive to the second profile providing authorization to access the client device and authorization to access the second specific functions, send a message to unlock the client device and allow access the second specific functions;
identify that the pairing no longer exists between the wearable device and the client device; and
responsive to the pairing no longer existing, de-authorize access to the respective first or second specific functions.

US Pat. No. 10,142,331

AUTHENTICATION FOR APPLICATION

Alibaba Group Holding Lim...

1. A method comprising:
detecting a near-field device of a user by a terminal when a particular operation is triggered;
obtaining an identification of the near-field device;
sending the identification of the near-field device to a server to request the server to conduct an authentication of the near-field device that matches the near-field device with a particular near-field device corresponding to the particular operation according to the identification of the near-field device;
receiving a result of authentication performed by the server according to the identification of the near-field device; and
sending a notification by the near-field device to another device used by the user in response to receiving the result of failed authentication.

US Pat. No. 10,142,330

LOCKING SYSTEMS WITH MULTIFACTOR AUTHENTICATION AND CHANGING PASSCODES

1. A computer-based locking system using changing passcodes, comprising:
an application server;
an application running on a computing device and in electronic communication with the application server,
wherein the application is configured to request an input passcode from the application server based on a lock ID,
wherein the application server is configured to store a plurality of lock IDs each in association with a unique lock algorithm,
wherein the application server is configured to retrieve an associated lock algorithm by accessing the lock ID, and
wherein the application server is configured to generate the input passcode using the associated lock algorithm; and
a lock comprising a passcode interface, a locking mechanism, and an electromechanical actuator,
wherein the lock ID corresponds to the lock,
wherein the passcode interface is configured to capture the input passcode,
wherein the lock is configured to execute the associated lock algorithm locally to generate a plurality of local passcodes based on an input time including at least one of a current time and a time near the current time, and
wherein the lock is configured to release the locking mechanism by actuating the electromechanical actuator to translate the locking mechanism into an open position, in response to the input passcode matching at least one local passcode from the plurality of local passcodes.

US Pat. No. 10,142,329

MULTIPLE-FACTOR AUTHENTICATION

1. A method comprising:
verifying a first authentication factor for a user;
identifying at least one target endpoint device for the user;
accessing an application program interface (API) to generate a communication request that includes:
a first portion specifying the target endpoint device, and
a second portion that includes a set of one or more documents written in a programming language that includes call flow commands for call routing logic of a call control server, the call flow commands including commands specifying how to communicate a security code;
transmitting the communication request to the call control server;
receiving input from the user; and
verifying a second authentication factor for the user by comparing the input to the security code.

US Pat. No. 10,142,327

RULE BASED DEVICE ENROLLMENT

Oracle International Corp...

1. A system comprising:
memory configured to store computer-executable instructions; and
at least one processor configured to access the memory and execute the computer-executable instructions to collectively at least:
detect a gateway device connected to one or more electronic devices in a communication network;
receive, from the gateway device, an enrollment request requesting enrollment of an electronic device of the one or more electronic devices with the system, the enrollment request including fingerprint information associated with the electronic device endorsed by a certificate associated with the gateway device;
identify an enrollment policy associated with the electronic device;
enroll the electronic device in accordance with the enrollment policy based on verifying the fingerprint information associated with the electronic device; and
transmit, to the gateway device, information that enables the electronic device to access resources of the system.

US Pat. No. 10,142,326

ATTRIBUTE-BASED ACCESS CONTROL

INTERNATIONAL BUSINESS MA...

1. A method for performing attribute-based access control across a first and a second security domain in a federated processing environment, the method comprising:
adding, into a received security token that comprises first access control attributes and a signature of a first identity provider of the first security domain, additional access control attributes provided by a second identity provider of the second security domain;
re-signing, with a private key associated with a certificate of a second service provider in the second security domain, the received security token with the added additional access control attributes, where the re-signing comprises an assertion in the second security domain that the added additional access control attributes have been provided by the second identity provider of the second security domain; and
issuing the re-signed received security token for consuming, using the added additional access control attributes, by any service provider in the second security domain.

US Pat. No. 10,142,325

SYSTEMS AND METHODS FOR CREDENTIALS DISTRIBUTION

Ivanti, Inc., South Jord...

1. A method by a management server, comprising:
receiving a credentials request from a requesting management node, wherein the credentials request includes a public key of the requesting management node;
determining whether the management server has credentials encrypted for the requesting management node in a local cache, wherein the credentials are encrypted using the public key of the requesting management node and cannot be decrypted by the management server;
sending the encrypted credentials to the requesting management node when the management server has the encrypted credentials, wherein the requesting management node can decrypt the encrypted credentials using a private key; and
when the management server determines that the management server does not have the encrypted credentials:
sending a multicast request to one or more peer management nodes, the multicast request including the public key of the requesting management node;
receiving a unicast response from a responding management node that includes the encrypted credentials for the requesting management node; and
sending the encrypted credentials received from the responding management node to the requesting management node.

US Pat. No. 10,142,324

METHOD FOR READING ATTRIBUTES FROM AN ID TOKEN

BUNDESDRUCKEREI GmbH, Be...

1. A method for a first computer system to read at least one attribute stored in an identification (ID) token associated with a user, and transmit the at least one attribute to a second computer system, the method comprising:
sending a request from a third computer system, associated with the user, to the second computer system;
providing, by the second computer system, an attribute specification identifying the at least one attribute from the ID token in response to the request from the third computer system;
sending, by the second computer system, the attribute specification to the first computer system without interposition of the third computer system;
selecting, by the first computer system, at least one certificate of a plurality of certificates of the first computer system based on the attribute specification, each of the plurality of certificates including a different indication of attributes for which the first computer is authorized for read access, the at least one certificate including an indication of the at least one attribute identified in the attribute specification;
authenticating, by the ID token, the user;
authenticating, by the ID token, the first computer system using the at least one certificate of the first computer system, the at least one certificate being received by the ID token via a protected connection with end-to-end encryption between the ID token and the first computer system;
checking, by the ID token, an authorization of the first computer system for a read access to the at least one attribute identified in the attribute specification using the at least one certificate, the checking following successful authentication of the user and the first computer system;
effecting read access, by the first computer system, to the at least one attribute stored in the ID token if the first computer system is authorized for the read access;
signing, by the first computer system, the at least one attribute read from the ID token; and
sending, by the first computer system, the at least one signed attribute to the second computer system without interposition of the third computer system.

US Pat. No. 10,142,323

ACTIVATION OF MOBILE DEVICES IN ENTERPRISE MOBILE MANAGEMENT

HUAWEI TECHNOLOGIES CO., ...

1. A method, comprising:
generating, at a mobile device, a first device security certificate, the first device security certificate including a representation of an identifier of the mobile device and a representation of a device key in a signature of the first device security certificate;
transmitting, by the mobile device, the first device security certificate to an authentication server;
receiving, at the mobile device, a server security certificate from the authentication server in response to a successful authentication by the authentication server, the server security certificate including a representation of a server key in a signature of the server security certificate, the server key corresponding to the device key and to a representation of a shared secret stored on the mobile device and known by the authentication server;
validating, at the mobile device, the server security certificate based on the signature of the server security certificate that includes the representation of the server key;
establishing, by the mobile device, a secure connection with the authentication server based on the first device security certificate and the server security certificate; and
enrolling, at the mobile device, at least one second device security certificate for formal communication over the secure connection.

US Pat. No. 10,142,322

METHODS AND APPARATUS FOR AUTHENTICATING IDENTITY OF WEB ACCESS FROM A NETWORK ELEMENT

TELLABS, INC., Napervill...

1. A communication network configured to generate a report identifying a user equipment (“UE”), comprising:
a mobile device coupled to a communication network and configured to access and display online advertisements;
an advertising exchange server (“AES”) coupled to the communication network and configured to provide additional web pages relating to the online advertisements to the mobile device upon receipt of access requests associated with the online advertisement initiated by the mobile device;
a router configured to perform a gateway GPRS support node (“GGSN”), coupled to the mobile device and the AES for routing information between the mobile device and the AES, the router configured to obtain an International Mobile Subscriber Identification (“IMSI”) of the mobile device from web access request generated by the mobile device and a geo-location associated with the mobile device from a cell site coupled to the communication network, the router configured to create an authentication record containing the IMSI and the geo-location associated with the mobile device when an advertising access request for the online advertisements initiated by the mobile device is detected; and
a subscription partner coupled to the router and able to identify whether an ad-click is fraudulent based on IMSI information and geo-location of the mobile device in the authentication record.

US Pat. No. 10,142,321

SINGLE SIGN-ON PROCESSING FOR ASSOCIATED MOBILE APPLICATIONS

FISERV, INC., Brookfield...

1. A method for leveraging an initial server interaction session on behalf of a first mobile app for a continued server interaction session on behalf of a second mobile app, the method comprising:
receiving, by a first mobile app executing on a mobile device and on behalf of a user of the mobile device, a first indication to launch the first mobile app;
receiving, by the first mobile app on behalf of the user, first authentication credentials for authenticating the user with a back-end server associated with the first mobile app;
generating, by the first mobile app, a sign-in request comprising i) information identifying the back-end server and ii) the first authentication credentials;
transmitting, by the first mobile app, the sign-in request to an application linking server;
receiving, by the first mobile app, a sign-in response comprising a session identifier indicative of an initial interaction session established with the back-end server on behalf of the user;
storing, by the first mobile app in at least one of i) memory or ii) data storage of the mobile device, the session identifier;
subsequent to storing the session identifier, receiving a second indication to launch a second mobile app;
determining, by the second mobile app executing on the mobile device based at least in part on the session identifier, that the initial interaction session with the back-end server exists and is active; and
initiating, by the second mobile app on behalf of the user, a continued interaction session with the back-end server leveraging the initial interaction session without obtaining, by the second mobile app from the user, second authentication credentials for authenticating the user with the back-end server.

US Pat. No. 10,142,319

PROTECTING NETWORK COMMUNICATION SECURITY

International Business Ma...

1. A method for protecting network communication security at a server by updating tokens in a valid token queue comprising a plurality of valid tokens that are maintained at the server, the method comprising:
in response to a request from a client, determining, by the server, whether a token from the client is included in the valid token, the valid token queue being a first-in-first-out queue;
in response to the token being included in the valid token queue, the server managing the valid token queue based on a position of the token in the valid token queue, wherein managing the valid token queue based on a position of the token in the valid token queue comprises:
keeping the valid token queue unchanged in response to a distance of the position of the token in the valid token queue from an end of the valid token queue being greater than or equal to a threshold distance;
generating a new token in response to a distance of the position of the token in the valid token queue from an end of the valid token queue being less than a threshold distance; and
in response to generating the new token, updating the valid token queue with the new token when the token from the client is at the end of the valid token queue; and
the server sending a response that includes the new token to the client based on the managing of the valid token queue.

US Pat. No. 10,142,318

SELF-ADAPTIVE COMMUNICATION METHOD FOR ENCRYPTION DONGLE

Feitian Technologies Co.,...

1. A self-adaptive method for communication of a dongle, which applies for a system including a dongle and a host which has an upper software flat, wherein
the upper software flat executes the following steps:
Step s1, setting, by the upper software flat, information of a communication mode of the upper software flat according to a type of a main board of the host;
Step s2, obtaining, by the upper software flat, information of a communication mode of the dongle according to enumeration information returned from the dongle to the host when a connection between the dongle and the host is detected by the upper software flat;
Step s3, determining, by the upper software flat, whether the information of the communication mode of itself matches the information of the communication mode of the dongle, if yes, executing Step s5; otherwise, executing Step s4;
Step s4, sending, by the upper software flat, a communication instruction which includes the information of the communication mode of the upper software flat to the dongle via a control-transmission-channel, returning to Step s2; and
Step s5, communicating, by the upper software flat, with the dongle effectively via an interrupt-communication-channel according to the information of the communication mode of the upper software flat; and
the dongle executes the following steps:
Step r1, setting, by the dongle, the information of the communication mode of the dongle according to a communication mode identification of the dongle, performing an enumeration, returning enumeration information to the host after the enumeration is finished, and waiting for communicating with the upper software flat;
Step r2, communicating, by the dongle, with the upper software flat in the case that the dongle receives information sent from the upper software flat via the interrupt-transmission-channel; executing Step r3 in the case that the dongle receives a communication instruction sent from the upper software flat via the control-transmission-channel;
Step r3, setting, by the dongle, the communication mode identification of the dongle according to the information of the communication mode of the upper software flat in the communication instruction sent from the upper software flat;
Step r4, resetting the dongle; or, returning, by the dongle, set-state information to the upper software flat;
when the dongle is reset in Step r4, after the upper software flat sends the communication instruction including the information of the communication mode of the upper software flat to the dongle via the control-transmission-channel, the step further comprising:
waiting, by the upper software flat, for receiving the set-state information returned from the dongle, and outputting prompt information to pull out or insert the dongle again when the set-state information returned from the dongle is received.

US Pat. No. 10,142,317

SYSTEM AND METHOD FOR PROCESSING USER RIGHTS

Comcast Cable Communicati...

1. A method, comprising:
storing, in a storage device, content, wherein a user account of a user device has a right to consume the content at a first time when the content is stored;
determining a time duration after which the content is removed from the storage device;
receiving, by an entitlement server from the user device, a first request for playback of the content at a second time;
determining, by the entitlement server, that a user associated with the user account does not have the right to consume the content at the second time;
determining, by the entitlement server, that the second time falls within the time duration; and
providing, based on the right to consume the content at the first time and the second time falling within the time duration, the content to the user device at the second time.

US Pat. No. 10,142,316

COMPUTERIZED METHOD AND SYSTEM FOR MANAGING AN EMAIL INPUT FACILITY IN A NETWORKED SECURE COLLABORATIVE EXCHANGE ENVIRONMENT

Intralinks, Inc., New Yo...

1. A method for secure management of emailed content, the method comprising:
providing a secure email input facility for accepting non-secure email addressed to a designated email address, wherein the non-secure email is received and at least one of the non-secure email and content delivered thereby is stored in a storage facility as secure content related to at least one of the sender of the email, the subject line of the non-secure email, the destination address of the email within the exchange, and the content of the email, wherein access to the secure content stored in the storage facility is limited to an access list with permissions assigned to each member of the access list;
assigning a first user and second user to the access list, wherein the step of assigning at least provides permission for the first user to send email content to the secure email input facility for storage of the email content in the storage facility and at least provides permission for the second user to access the email content stored in the storage facility;
receiving the email content from the first user, wherein the email content was addressed to the designated email address;
verifying permission for the first user to store email content in the storage facility in association with the designated email address;
storing the email content in the storage facility; receiving an access request for the second user to access the stored email content; and
granting access to the second user for access to the email content stored in the storage facility.

US Pat. No. 10,142,315

METHOD AND APPARATUS OF PROVIDING MESSAGING SERVICE AND CALLBACK FEATURE TO MOBILE STATIONS

KASEYA LIMITED, Dublin (...

1. A method comprising:
generating a script responsive to an application being identified as needing to be executed on a mobile device;
executing the script in a mobile agent router device, wherein the script is configured to create at least one data message comprising at least one update to be performed on the mobile device and header information identifying the mobile device;
responsive to executing the script, initiating update commands to be performed on the mobile device periodically at specified times included in the script; and
transmitting the at least one data message comprising the update commands to the mobile device based on information included in the executed script, wherein the update commands are executed on the mobile device without user interaction.

US Pat. No. 10,142,314

METHOD AND APPARATUS FOR PROCESSING AUTHENTICATION REQUEST MESSAGE IN A SOCIAL NETWORK

Alibaba Group Holding Lim...

1. A method comprising:
receiving, directly by a social network server, an authentication request message to establish a social relationship between a first client and a second client, the request message being sent by the first client;
determining, by the social network server and after receiving the authentication request message sent by the first client, a relationship chain information indicative of an indirect social network relationship between the first client and the second client;
determining, by the social network server, the relationship chain information between the first client and the second client based on identification information of the first client and identification information of the second client and a correlation between the identification information of the first and second clients and respective relationship chain information of the first and second clients;
searching, by the social network server, for a keyword in an inverted index;
locating, by the social network server, index records in the inverted index file of which identification information of the first client and the identification information of the second client are keywords;
obtaining, by the social network server, the relationship chain information of the first client and the second client from the located index records, the inverted index using the identification information of the first and second clients as an index keyword and the respective relationship chain information of the first and second clients as an index value; and
forwarding, by the social network server and in response to determining the relationship chain information between the first client and the second client, the authentication request message and the determined relationship chain information to the second client, the determined relationship chain information being for use by the second client to authenticate the authentication request message.

US Pat. No. 10,142,313

SYSTEM AND METHOD FOR AUTHENTICATING USER USING CONTACT LIST

Line Corporation, Tokyo ...

1. A system of a server comprising:
one or more processors configured to execute computer-readable instructions to,
control the server to receive first contact list information from a first electronic device over a network, the first contact list information stored in the first electronic device;
control the server to store, in a database, and manage the first contact list information in association with an identifier of a user of the first electronic device;
control the server to determine if a number of contacts in the first contact list information is greater than or equal to a threshold value;
control the server to store and manage a first portion of contacts in the first contact list information in the database if the number of contacts in the first contact list information is greater than or equal to the threshold value;
control the server to compare second contact list information to the first contact list information in association with the identifier of the user, the second contact list information from the first electronic device or a second electronic device, the one or more processors configured to control the server to compare in response to a service request from the first electronic device or the second electronic device based on the identifier of the user; and
control the server to determine whether to authenticate the user in response to the service request from the first electronic device or the second electronic device based on a result of the comparing,
wherein the one or more processors is configured to perform the comparing the second contact list information to the first contact list information by comparing at least a second portion of contacts in the second contact list information to the first portion of the contacts in the first contact list information if the number of contacts in the first contact list information is greater than or equal to the threshold value.

US Pat. No. 10,142,312

SYSTEM FOR ESTABLISHING SECURE ACCESS FOR USERS IN A PROCESS DATA NETWORK

BANK OF AMERICA CORPORATI...

1. A system operatively connected with a block chain distributed network and for using the block chain distributed network for establishing secure access for users in a process data network, the system comprising:
a memory device storing logic and rules for the block chain; and
a processing device operatively coupled to the memory device, wherein the processing device is configured to execute computer-readable program code to:
receive an indication that an entity has executed a transaction with a third source institution via a first transaction channel;
record information associated with the transaction executed by the entity with the third source institution in a distributed ledger of the block chain distributed network, wherein the distributed ledger further comprises past transactions executed by the entity with one or more financial institutions, wherein the past transactions comprise at least information associated with transactions executed by the entity with a first source institution and a second source institution via one or more predetermined transaction channels including at least a specific banking center, a specific ATM (Automatic Transaction Machine), or a specific online/mobile banking channel;
analyze the distributed ledger to determine a pattern associated with the past transactions executed by the entity stored in the distributed ledger;
compare the information associated with the transaction executed by the entity with the third source institution with the pattern associated with the past transactions stored in the distributed ledger to determine a match, wherein comparing further comprises at least determining that the first transaction channel matches at least one of the one or more predetermined transaction channels;
authorize the execution of the transaction executed by the entity with the third source institution to be completed based on at least determining a match between the information associated with the transaction executed by the entity with the third source institution and the pattern associated with the past transactions stored in the distributed ledger, wherein authorizing further comprises:
identifying a smart contract between the third source institution, the first source institution, and the second source institution, wherein the smart contract comprises logic and rules associated with the smart contract, wherein the smart contract is configured to be self-executing;
comparing the information associated with the transaction executed by the entity with the third source institution to the logic and rules of the smart contract;
determining that the information associated with the transaction executed by the entity with the third source institution meets the logic and rules of the smart contract; and
validating the information associated with the transaction executed by the entity with the third source institution in response to determining that the information associated with the transaction executed by the entity with the third source institution meets the logic and rules of the smart contract;
determine, based on at least the one or more past transactions executed by the entity via the one or more predetermined transaction channels, that the entity is associated with misappropriate activity;
aggregate information associated with past transactions executed by the entity via the one or more predetermined transaction channels with the one or more financial institutions; and
record the aggregated information associated with the past transactions in the distributed ledger.

US Pat. No. 10,142,311

COMMUNICATION SYSTEM AND COMMUNICATION DEVICE

RENESAS ELECTRONICS CORPO...

1. A communication system, comprising:
a first device and a second device which are mutually coupled via a network so as to transmit and receive packets over the network,
wherein the first device and the second device respectively include a first packet counter and a second packet counter,
wherein a same random number value is given to the first and second packet counters as initial values of the first and second packet counters, and the first and second packet counters are respectively updated by the first device and the second device in association with each transmission and each reception of the packets by using values generated from performing a same lossy compression function on counted values of the first and the second packet counters as increment values,
wherein, when a message is to be transmitted to the second device, the first device generates a message authentication code on a basis of the message, draws out a part of the message authentication code on a frame position of some bits which are designated on a basis of a counted value of the first packet counter, sets the drawn-out part of the message authentication code as a divided message authentication code, generates a packet which includes the message and the divided message authentication code, and transmits the packet which includes the message and the divided message authentication code to the second device over the network, and
wherein, when the packet has been received from the first device, the second device generates another message authentication code on a basis of the message included in the received packet, draws out a part of the another message authentication code on the frame position of some bits which are designated on a basis of a counted value of the second packet counter, compares the drawn-out part of the another message authentication code with the divided message authentication code included in the received packet and performs a message authentication on the basis of a result of the comparison.

US Pat. No. 10,142,310

METHOD AND CLOUD SERVER FOR MANAGING DEVICE

Samsung Electronics Co., ...

10. A cloud server comprising:
a memory; and
at least one processor coupled to the memory and configured to:
record information identifying a first device connected to the cloud server through a network,
record information indicating at least one function provided by the first device,
record execution authorization information indicating an object capable of performing the at least one function, and
authenticate, based at least in part on the execution authorization information, whether a second device has authorization to perform the at least one function provided by the first device; and
a communicator configured to:
receive, from the first device, a request for authenticating whether the second device that requests execution of the at least one function provided by the first device has the authorization to perform the at least one function provided by the first device, and
transmit a result of the authenticating to the first device,
wherein the cloud server is implemented as a hardware device, and
wherein the cloud server updates the execution authorization information through a device which is an administrator of the first device.

US Pat. No. 10,142,309

NO PASSWORD USER ACCOUNT ACCESS

DROPBOX, INC., San Franc...

1. A computer-implemented method, comprising:
receiving, by a synchronized content management system, a request to access a user account at the synchronized content management system;
determining that the user account is a passwordless user account created at the synchronized content management system without a corresponding user account password, the passwordless user account providing user access to the synchronized content management system without user input of a password;
generating, by the synchronized content management system, tokens for passwordless authentication of the passwordless user account, the tokens comprising a device identifier and an email identifier, wherein the email identifier is associated with an email address registered with the passwordless user account;
sending, by the synchronized content management system, the device identifier to a client device;
sending, by the synchronized content management system, to the email address registered with the passwordless user account at the synchronized content management system, an email containing a link that:
when activated from the client device, triggers a browser application on the client device to obtain the email identifier and provide the email identifier to a client application that is also on the client device, the client application being configured to communicate with the synchronized content management system to synchronize changes to content items between local copies of the content items stored on the client device and remote copies of the content items stored on the synchronized content management system; and
when activated from a different client device triggers a notification to the synchronized content management system indicating that the email was accessed from the different client device;
receiving, by the synchronized content management system, both the device identifier and the email identifier from the client application on the client device;
determining, by the synchronized content management system, that the client application on the client device has possession of both the device identifier sent to the client device and the email identifier associated with the email address registered with the passwordless user account;
determining that the link was activated via the client device, based on the determining that the client device has possession of both the device identifier and the email identifier;
authorizing, by the synchronized content management system, the client device to access the passwordless user account without user input of the password, in response to determining that the client application on the client device has both the device identifier and the email identifier and determining that the link was activated via the client device; and
synchronizing one or more content items on the synchronized content management system to the client device for local storage at the client device, the one or more content items being associated with the passwordless user account.

US Pat. No. 10,142,307

SYSTEM AND METHOD FOR RECEIVING INFORMATION AMONG COMPUTER SYSTEMS WITHOUT ENABLING LOG INS IF THE USER IDENTIFIERS ARE COMPROMISED

1. A method of transferring data from a first account at a first computer system to a second account at a second computer system, the method comprising:
receiving at a third computer system, separate from at least one of the first computer system and the second computer system, as part of a first request to arrange at least one transfer of the data from the first account to the second account, a first identifier that uniquely identifies a user of the second account but is not required by a user of the second computer system to log in as that user on the second computer system;
receiving at the first computer system a second request to arrange at least one transfer of the data from the first computer system, to the third computer system, said request comprising a second identifier, identifying a user of the first account at the first computer system;
responsive to the second request, authenticating the user of the first account at the first computer system by the first computer system, responsive to the second identifier received as part of the second request;
responsive to the authenticating step and to the second request received, providing from the first computer system to the third computer system a third identifier that uniquely identifies the user of the first account but is not required by a user of the first computer system to log in as that user;
storing on the third computer system the first identifier, associated with the third identifier;
receiving at the third computer system from the second computer system a request to transfer the data from the first account to the second account, said request comprising the first identifier;
at the third computer system, locating the third identifier responsive to the first identifier received;
providing from the third computer system to the first computer system the third identifier;
responsive to the third identifier, providing from the first computer system to the third computer system, the data from the first account corresponding to the request; and
sending from the third computer system to the second computer system the data received from the first computer system.

US Pat. No. 10,142,305

LOCAL SECURITY KEY GENERATION

Verizon Patent and Licens...

15. A device comprising:
one or more processors configured to:
obtain calling security parameters;
send, to a called device, a first message that includes the calling security parameters, wherein the first message includes a session initiation protocol (SIP) message that has been modified using session description protocol (SDP) to include the calling security parameters;
receive, from the called device, a second message that includes called security parameters, wherein the second message includes a SIP message that has been modified using SDP to include the called security parameters;
derive a security key using the calling security parameters and the called security parameters;
receive, from the called device, an acknowledgement message in response to the first message; and
use the derived security key to encrypt and decrypt communications between the calling device and the called device.

US Pat. No. 10,142,304

ENCRYPTION KEY SHREDDING TO PROTECT NON-PERSISTENT DATA

SEAGATE TECHNOLOGY LLC, ...

1. A storage system comprising:
a storage drive; and
a controller to:
power on the storage drive;
identify an encryption key on the storage drive created upon powering on the storage drive;
encrypt data in a cache of the storage drive using the encryption key;
power off the storage drive; and
delete the encryption key upon powering off the storage drive.

US Pat. No. 10,142,303

SEPARATION OF SOFTWARE MODULES BY CONTROLLED ENCRYPTION KEY MANAGEMENT

QUALCOMM Incorporated, S...

1. A method for protecting software in a memory device, comprising:
receiving a memory transaction associated with the memory device, the memory transaction including at least a realm identifier and a realm indicator bit, wherein the realm identifier enables identification of a realm that includes one or more selected regions in the memory device;
obtaining an ephemeral encryption key associated with the realm identifier when the realm identifier indicates the realm and when the realm indicator bit is enabled, wherein the ephemeral encryption key is stored in a second memory device that is not accessible to a core device, and wherein the ephemeral encryption key is unknown to the core device;
decrypting at least one of an instruction or data received from the realm based on the ephemeral encryption key when the memory transaction is a read transaction, wherein the at least one of the instruction or the data is to be processed by the core device; and
encrypting second data to be stored in the realm based on the ephemeral encryption key when the memory transaction is a write transaction.

US Pat. No. 10,142,302

SYSTEMS AND METHODS FOR MANAGING RESETTING OF USER ONLINE IDENTITIES OR ACCOUNTS

Oath Inc., Dulles, VA (U...

8. A system for managing resetting of online identities or accounts of users, the system including:
a data storage device storing instructions for managing resetting of online identities or accounts of users; and
a processor configured to execute the instructions to perform a method including:
receiving, over a network, a request to reset login information to access an online account of a user;
comparing, at an online account server, a time of the request to reset login information to a preset time or amount of time;
receiving, over the network, intrinsic user data associated with the request to reset login information, wherein the intrinsic user data includes a device finger print and a type of browser used to make the request, and wherein the intrinsic user data includes values with different weights indicative of a level of trust of the identity of the user;
identifying, at the online account server, two or more values of the intrinsic user data; and
transmitting, over the network, a subset of options to reset the login information, wherein the subset of options to reset the login information is selected by the online account server based on the identified two or more values of the intrinsic user data, and wherein a full set of reset options are transmitted when the online account server determines that the identified two or more values result in a trusted pair.

US Pat. No. 10,142,301

ENCRYPTED DATA DELIVERY WITHOUT INTERVENING DECRYPTION

Amazon Technologies, Inc....

1. A computer-implemented method, comprising:
establishing a secure communications channel with a second computer system, resulting in session information that includes a cryptographic key usable to decrypt encrypted records received over the secure communications channel;
receiving, over the secure communications channel, a sequence of encrypted records, wherein individual records of the sequence of encrypted records are decryptable using the cryptographic key;
decrypting, using the cryptographic key, a first subsequence of the sequence of encrypted records to form a decrypted first subsequence; and
as a result of determining that the decrypted first subsequence indicates a request to store a second subsequence, distinct from the first subsequence, of the sequence of encrypted records, providing the second subsequence and the cryptographic key to a data storage system, thereby causing the second subsequence and the cryptographic key to be stored, the cryptographic key usable to decrypt the sequence.

US Pat. No. 10,142,300

DECENTRALIZED AUTHORITATIVE MESSAGING

Wickr Inc., San Francisc...

1. A method for accessing an encrypted communication, the method comprising:
receiving, at a first device, a first encrypted communication from a second device, wherein a first ephemeral component and a signature of the first ephemeral component are included in a header of the first encrypted communication;
deriving, by the first device, a first key using the first ephemeral component and a second ephemeral component;
decrypting, by the first device, the first encrypted communication received from the second device using, in part, the first key;
providing, by the first device, the first decrypted communication to a user of the first device.

US Pat. No. 10,142,299

SECURITY KEY GENERATION AND MANAGEMENT METHOD OF PDCP DISTRIBUTED STRUCTURE FOR SUPPORTING DUAL CONNECTIVITY

Samsung Electronics Co., ...

1. A method for communicating by a user equipment (UE) in a communication system, the method comprising:
receiving a radio resource control (RRC) connection reconfiguration message including a counter for a second base station from a first base station;
generating a second security key for a second communication link with the second base station based on a first security key and the counter, the first security key being applied to a first communication link with the first base station; and
applying the second security key to the second communication link with the second base station.

US Pat. No. 10,142,298

METHOD AND SYSTEM FOR PROTECTING DATA FLOW BETWEEN PAIRS OF BRANCH NODES IN A SOFTWARE-DEFINED WIDE-AREA NETWORK

VERSA NETWORKS, INC., Sa...

1. A method for protecting data flows between pairs of branch nodes in a software-defined wide-area network (SD-WAN), the method comprising:
establishing secure connections between a SD-WAN controller and branch nodes in a plurality of branch nodes, wherein each branch node advertises a half-key to the SD-WAN controller via its secure connection;
distributing advertised half-keys to branch nodes in the plurality of branch nodes via the established secure connections, wherein the advertised half-keys distributed to each branch node are the half-keys advertised by peer branch nodes of the branch node; and
encrypting payloads for transmission from a first branch node in the plurality of branch nodes to a peer branch node in the plurality of branch nodes using a shared secret key, the shared secret key generated using the half-key of the first branch node and the distributed half-key of the peer branch node.

US Pat. No. 10,142,297

SECURE COMMUNICATION METHOD AND APPARATUS

RIVER SECURITY INC., Sha...

1. A secure communication method, wherein the method is executed by a security proxy device between a client and a server, the method comprising:
using a key exchange mechanism to perform connection key agreement with the client; and assigning a token for the client after identity authentication for the client succeeds;
upon receiving a request sent by the client to the server, validating whether the token sent together with the request is a token assigned for the client; if the validation succeeds, forwarding to the server a decrypted request obtained by using the connection key or a token connection key, wherein the token connection key is assigned for the client and then sent to the client by using the connection key;
after receiving a response returned by the server, using the connection key or token connection key to encrypt the response, and forwarding the encrypted response to the client.

US Pat. No. 10,142,296

SYSTEMS AND METHODS FOR IMPROVING PRECISION OF A LOCATION SENSOR

Google LLC, Mountain Vie...

1. A system that cryptographically protects location data transferred between a plurality of servers via a computer network to tune a location engine, comprising:
a data processing system comprising one or more processors and memory;
a bridging module executed by the one or more processors of the data processing system to retrieve, from a location database stored in the memory, a plurality of location determinations made by the location engine of the data processing system, each location determination associated with a respective first identifier;
the bridging module configured to map each respective first identifier to a respective second identifier using a mapping function;
a first encryption module executed by the one or more processors to determine a first hash value for each location determination using a first hash function applied to a tuple formed of the second identifier and a timestamp of each location determination;
the first encryption module configured to encrypt the first hash value for each location determination using a first encryption protocol to generate a first encrypted data set;
a communication interface of the data processing system to transmit, via the computer network, the first encrypted data set to one or more servers configured to process electronic transactions;
the communication interface configured to receive, from the one or more servers, a second encrypted data set comprising second hash values generated by a second encryption module for the electronic transactions, each of the second hash values generated by the second encryption module via application of a second hash function to a tuple formed of an identifier and a timestamp of each of the electronic transactions, the second encrypted data set encrypted by the second encryption module with a second encryption protocol, wherein the first encryption protocol and the second encryption protocol are commutative encryption protocols;
the first encryption module configured to use the first encryption protocol to encrypt the second encrypted data set received from the one or more servers to generate a first double encrypted data set;
the communication interface configured to receive, from the one or more servers, a second double encrypted data set generated by the second encryption module via application of the second encryption protocol to the first encrypted data set transmitted by the data processing system to the one or more servers;
a tuner executed by the one or more processors to compare the first double encrypted data set with the second double encrypted data set to determine a precision metric and a recall metric based on a total number of correct location determinations, a total number of location determinations, and a total number of actual location events; and
the tuner configured to adjust a tuning parameter of the location engine based on at least one of the precision metric or the recall metric.

US Pat. No. 10,142,294

REMOTE ACCESS TO LOCAL NETWORK

QUALCOMM Incorporated, S...

1. A method of communication, comprising:
identifying, at an access terminal, an access point on a local network to be accessed by the access terminal;
sending a first message from the access terminal to a first security gateway to determine whether the first security gateway has established a first protocol tunnel to the access point;
receiving, at the access terminal, a response to the first message from the first security gateway, wherein the response indicates whether the first security gateway has established the first protocol tunnel to the access point; and
establishing, by the access terminal, a second protocol tunnel between the access terminal and the first security gateway to enable the access terminal to remotely access the local network if the response indicates that the first security gateway has established the first protocol tunnel to the access point.

US Pat. No. 10,142,293

DYNAMICALLY DEFINED VIRTUAL PRIVATE NETWORK TUNNELS IN HYBRID CLOUD ENVIRONMENTS

International Business Ma...

1. A method comprising:
in a first virtual private network (VPN) agent, managing a first VPN tunnel in a plurality of VPN tunnels, wherein the first VPN tunnel provides communication for traffic between a first node in a first cloud and a second node in a second cloud in a hybrid cloud environment;
receiving a request from a VPN manager, the request including a first set of requirements for a first cloud application for the first VPN tunnel in the plurality of VPN tunnels;
creating the first VPN tunnel according to the first set of requirements;
receiving a modification request from the VPN manager containing a second set of requirements for a second cloud application wherein a second VPN tunnel provides communication for the second cloud application; and
tuning the first VPN tunnel according to the second set of requirements, wherein the tuning includes merging the second VPN tunnel with the first VPN tunnel, wherein the modification request is based on a determination that the first and second sets of requirements are compatible, wherein the first VPN tunnel after merging continues to provide communication between the first node and the second node.

US Pat. No. 10,142,292

DUAL-MODE MULTI-SERVICE VPN NETWORK CLIENT FOR MOBILE DEVICE

Pulse Secure LLC, San Jo...

1. A cellular mobile device comprising:
a transmitter and receiver to send and receive cellular communications in the form of radio frequency signals;
a microprocessor;
an operating system executing on the microprocessor to provide an operating environment of application software;
a multi-service virtual private network (VPN) client registered with the operating system as a single application, wherein the multi-service VPN client comprises:
a security manager integrated within the multi-service VPN client to apply at least one security service to network packets;
a VPN handler having an interface to exchange the network packets with the security manager for application of the security service, wherein the VPN handler is configurable to operate in one of an enterprise mode or a non-enterprise mode, wherein in the enterprise mode the VPN handler establishes a VPN connection with a remote VPN security device and provides encryption services to securely tunnel the network packets between the cellular mobile device and the remote VPN security device, and wherein in the non-enterprise mode the VPN handler directs the network packets to the security manager without application of the encryption services and communicates the network packets to a packet-based network without tunneling the packets; and
a VPN control application that provides a unified user interface that allows a user to configure both the VPN handler and the security manager of the multi-service VPN client, to submit credentials, and to instruct the VPN handler to dynamically instantiate the VPN connection or deconstruct an existing VPN connection,
wherein upon establishing the VPN connection the VPN control application receives a web-based home page from the remote VPN security device via a Hypertext Transfer Protocol Secure (HTTPS) response,
wherein the VPN control application dynamically parses HyperText Markup Language (HTML) bookmark links from the HTTPS response and renders a bookmark window using input controls native to the cellular mobile device, where each of the input controls corresponds to a different one of the bookmarks parsed from the HTTPS response received from the remote VPN security device, and
wherein, upon selection of one of the input controls, the VPN control application formulates and outputs an appropriate HTTP string to the remote VPN security device as if a corresponding HTML link were selected by the user.

US Pat. No. 10,142,291

SYSTEM FOR PROVIDING DNS-BASED POLICIES FOR DEVICES

Nominum, Inc., Redwood C...

1. A system for providing DNS-based policies for devices, the system comprising:
a DNS engine operable to receive a DNS query from an individual device via a gateway associated with the individual device, the DNS query including at least one of: (i) a unique gateway identifier associated with the gateway and (ii) a unique device identifier associated with the individual device;
a memory device operable to store at least one policy, the at least one policy corresponding to at least one of the unique gateway identifier and the unique device identifier; and
a dynamic policy enforcement engine extracting from the DNS query the at least one of the unique gateway identifier and the unique device identifier, the dynamic policy enforcement engine operable to enforce the at least one policy when processing the DNS query by using the unique gateway identifier and the unique device identifier to select the at least one policy which applies to the individual device which originated the DNS query;
the at least one policy including DNS-based tracking of the individual device, the dynamic policy enforcement engine extracting location information for the individual device from the DNS query; and,
a tracking module operable to store the location information of the individual device.

US Pat. No. 10,142,290

HOST-BASED FIREWALL FOR DISTRIBUTED COMPUTER SYSTEMS

Amazon Technologies, Inc....

1. A computer-implemented method, comprising:
executing a host-based firewall loaded into memory of a virtual machine instance operated by a customer of a plurality of customers of a computing resource service provider, where the virtual machine instance is a computing resource that is a member of a set of computing resources provided to the plurality of customers by the computing resource service provider;
obtaining network traffic information from the host-based firewall, the network traffic information indicating a set of connection attempts between the virtual machine instance and at least one other computer system and a particular application of one or more applications executed by the virtual machine instance associated with a particular connection attempt of the set of connection attempts;
prompting the customer for decisions to allow or deny the set of connection attempts by at least providing the customer with a notification of the set of connection attempts;
obtaining, from the customer, a first set of decisions to allow or deny the set of connection attempts;
obtaining, from a different customer, a second set of decisions to allow or deny another set of connection attempts between a virtual machine instance of the different customer and at least one other computer system;
generating a rule set by the host-based firewall based at least in part on the first set of decisions and the second set of decisions; and
enforcing, by the host-based firewall, the generated rule set.

US Pat. No. 10,142,289

SECURE INTERFACE FOR A MOBILE COMMUNICATIONS DEVICE

Owl Cyber Defense Solutio...

1. A secure interface for a mobile communications device, comprising:
output communications circuitry operable to communicate output communications with an external network, the output communications including externally-received information packets and to be externally-transmitted information packets, the output communications circuitry receiving the to be externally-transmitted information packets via an internal connection and transmitting the to be externally-transmitted information packets to the external network via an external connection and receiving the externally-received information packets from the external network via the external connection and passing the externally-received information packets via the internal connection;
private network communications circuitry operable to communicate private network communications with a mobile communications device, the private network communications including internally-received information packets and to be internally-transmitted information packets, the private network communications circuitry receiving the to be internally-transmitted information packets via an internal connection and transmitting the to be internally-transmitted information packets to the mobile communications device via an external connection and receiving the internally-received information packets from the mobile communications device via the external connection and passing the internally-received information packets via the internal connection; and
an input/output filter connected between the output communications circuitry and the private network communications circuitry and configured to separately filter the externally-received information packets and the internally-received information packets to block any undesirable packets based on programmed stored criteria, to pass filtered externally-received information packets to the internal connection of the private network communications circuitry as the to be internally-transmitted information packets, and to pass filtered internally-received information packets to the internal connection of the output communications circuitry as the to be externally transmitted information packets.

US Pat. No. 10,142,288

MACHINE APPLICATION INTERFACE TO INFLUENCE VIRTUAL ENVIRONMENT

MADRONA VENTURE FUND VI, ...

1. A method comprising:
instantiating connection management routines to establish and manage a connection with an outside application via an application interaction layer;
operating an integrity monitor to parse an access request into integrity data and graphics data;
applying user security preferences to a security model;
applying graphics parameters of the security preferences to the graphics data to operate a security controller to transmit resource parameters to a resource allocator;
applying integrity parameters of the security preferences to the integrity data to operate the security controller to create a gateway control signal to control a security gateway;
configuring the resource allocator with the resource parameters to allocate memory and graphics processing resources;
applying the gateway control signal to a gateway actuator to configure the security gateway to filter 3D content protocol into secure data;
transmitting the secure data to a virtual environment to configure a rendering module to render a virtual object; and
transmitting the secure data from the virtual environment to the security gateway and transmitting the 3D content protocol to the outside application.

US Pat. No. 10,142,286

SERVER DEVICE, CONTROL METHOD FOR THE SAME AND COMPUTER-READABLE RECORDING MEDIUM

GREE, Inc., Tokyo (JP)

1. A method for controlling a server device that provides a game, in which a user can participate, and that is communicatively connected, via a communication network, to a terminal device operated by the user, the method comprising:
the server device receiving an access request that specifies a URL, via the communication network, from the terminal device operated by the user;
the server device carrying out a process for prompting the user to register a shortcut to a second URL when the URL specified by the access request is a first URL, the process for prompting the user including displaying an indication of a reward to be offered to the user for registering the shortcut to the second URL; and
the server device offering a reward to the user without carrying out a process for prompting the user to register the shortcut when the URL specified by the access request is the second URL,
wherein the shortcut is an icon linking to a shortcut to the URL;
wherein the second URL provides access to the game; and
wherein the reward is a reward usable in the game.

US Pat. No. 10,142,285

IP ALLOCATION POOLS

Google LLC, Mountain Vie...

1. A method for providing services to user devices, the method comprising:
maintain a plurality of IP blocks that each define a group of IP addresses;
providing, to a plurality of client devices, a network-related service, wherein each client device is assigned to an IP block based on an IP address of the client device, wherein each IP block is associated with settings that adjust the network-related service for client devices assigned to the IP block;
determining an expected number of IP reassignments of client devices between the IP blocks;
after a time period during which actual IP reassignments of the client devices occur, comparing the actual IP reassignments that occurred during the time period to the expected number of IP reassignments;
based on the comparison of the actual IP reassignments that occurred during the time period to the expected number of IP reassignments, altering some of the IP blocks such that at least some of the client devices are reassigned to different IP blocks; and
for each client reassigned to a different IP block, adjusting the network-related service for the at least some client devices according to the settings of the different IP blocks to which the at least some client devices are assigned.

US Pat. No. 10,142,284

FASTER IP ADDRESS ALLOCATION IN A HYBRID CLOUD ENVIRONMENT USING SUBNET SELECTIVE RANDOMIZATION

VMware, Inc., Palo Alto,...

1. A method for allocating Internet Protocol (IP) addresses, the method comprising:
identifying, by a first gateway operating within a first cloud computing environment, a current subnet that includes at least one available IP address for allocation from a global pool of IP addresses that is in communication with the first gateway and a second gateway operating within a second cloud computing environment that is securely separate from the first cloud computing environment;
randomly selecting, by the first gateway operating within the first cloud computing environment, an available IP address from the current subnet for allocation;
requesting allocation of the available IP address, by the first gateway operating within the first cloud computing environment, from the global pool of IP addresses; and
responsive to determining that no available IP address exists in the current subnet, selecting, by the first gateway operating within the first cloud computing environment, a new subnet from which to allocate IP addresses.

US Pat. No. 10,142,283

METHOD, APPARATUS AND SYSTEM FOR ESTABLISHING A REAL-TIME TELECOMMUNICATION SESSION

Vonage Business Inc., At...

1. A method for establishing a telecommunication session, comprising:
receiving, using a server, a plurality of communication identifiers of a first type, wherein each of the plurality of communication identifiers of the first type is associated with an invitation to join the telecommunication session;
determining one or more communication identifiers of a second type based on, for each, its association with at least one of the communication identifiers of the first type;
associating the one or more communication identifiers of the second type with an identifier of the telecommunication session;
receiving a request to join the telecommunication session; and
bypassing an authentication action and granting the request to join the telecommunication session based on at least a determination that the request to join the telecommunication session is associated with at least one of the communication identifiers of the second type that is associated with the identifier of the telecommunication session.

US Pat. No. 10,142,282

METHODS AND GATEWAYS FOR PROCESSING DNS REQUEST

PISMO LABS TECHNOLOGY LIM...

11. A gateway for processing DNS requests comprising:
a plurality of WAN interfaces;
at least one LAN interface;
at least one processing unit;
wherein each of the WAN interfaces is able to connect to a plurality of DNS servers via one access network; and
at least one computer readable storage medium comprising program instructions executable by the at least one processing unit for:
receiving a first DNS request from a host via the at least one LAN interface of the gateway;
when the gateway does not have information to respond to the first DNS request:
(a) selecting, according to at least one predefined selection policy, a plurality of DNS servers;
(b) selecting a plurality of access networks that are authorized to send a plurality of new DNS requests, wherein the content of the plurality of new DNS requests is the same as the content of the first DNS request;
(c) transmitting the plurality of new DNS requests to the selected plurality of DNS servers through the selected plurality of access networks via the plurality of WAN interfaces that are connected to the selected plurality of access networks, wherein the gateway does not transmit more than one of the new DNS requests to a selected DNS server through the same access network;
(d) receiving a plurality of DNS responses within a predefined period of time, wherein the plurality of DNS responses correspond to the plurality of new DNS requests;
(e) identifying valid DNS responses from the plurality of DNS responses, wherein the identified valid DNS responses have a return code (RCODE) of zero;
(f) when the pre-defined period of time has expired and no DNS response corresponding to the first DNS request has already sent to the host, if at least one valid DNS response was identified, selecting a valid DNS response from the at least one identified valid DNS response, and generating a first new DNS response, wherein the content of the first new DNS response is the same as the content of the selected valid DNS response, else if no valid DNS responses were identified, generating a first new DNS response, wherein the first new DNS response has a non-zero RCODE;
(g) sending the first new DNS response to the host.

US Pat. No. 10,142,281

MOBILE AD HOC NETWORKING

Facebook, Inc., Menlo Pa...

1. A method comprising:
receiving, by a social networking system, a first message from a mobile device application on a first-user mobile device associated with a first user, the message comprising a first-user identifier corresponding to a first-user account maintained for the first user by the social networking system;
determining, by the social networking system, a location of the first-user mobile device;
determining, by the social networking system, that a plurality of mobile devices are within a local RF range for direct connectivity with the first-user mobile device, each of the plurality of mobile devices being associated with a user identifier corresponding to a user account maintained by the social networking system;
transmitting, by the social networking system, a second message to the first-user mobile device, the second message enabling the first user to create a group within the social-networking system;
receiving, by the social-networking system, a request to create the group including the first user and each of a plurality of users being associated with the plurality of mobile devices within the local RF range for direct connectivity with the first-user mobile device; and
creating and storing a record of the group in social graph information.

US Pat. No. 10,142,280

SOCIAL CONVERSATION MANAGEMENT

International Business Ma...

1. A method for managing conversations in social media and networks, comprising:
selecting, by a processor, a message posted to a social medium for management;
associating, by the processor, a goal with the selected message for management;
monitoring, by the processor, other messages posted to the social medium for messages that are related to the selected message for management;
storing, by the processor, an identification of the selected message under management, the associated goal and a current state of the associated goal, wherein the identification of the selected message for management, the associated goal and the current state of the associated goal are stored in a lookup table;
determining, by the processor, whether the goal has been met based on monitoring the other messages posted to the social medium; and
performing, by the processor, one of: a first predetermined function in response to the goal being met and a second predetermined function in response to the goal not being met.

US Pat. No. 10,142,279

METHOD AND SYSTEM FOR PRESENTING A LISTING OF MESSAGE LOGS

TENCENT TECHNOLOGY (SHENZ...

1. A method of presenting a listing of message logs, the method comprising:
at a computing device with one or more processors and memory:
obtaining a plurality of user-specific models corresponding to a respective user of the computing device, wherein: (i) each of the plurality of user-specific models is used to determine respective listing priorities for message logs based on a respective set of parameters generated based at least in part on previous behavioral data corresponding to the respective user, the behavioral data including identities and relationships of other users involved in each of the message logs relative to the respective user, and a number of messages exchanged between the respective user and the other users involved in each of the message logs, and (ii) the plurality of user-specific models includes a first model corresponding to a first message type, and a second model corresponding to a second message type distinct from the first message type;
obtaining a request from the respective user to display a listing of message logs corresponding to the respective user, wherein the listing of message logs includes a first message log of the first message type and a second message log of the second message type distinct from the first message type; and
in response to obtaining the request:
determining a first listing priority for the first message log based on the first model corresponding to the first message type, the first model being based on a first set of parameters generated based at least in part on the previous behavioral data corresponding to the respective user;
determining a second listing priority for the second message log based on the second model corresponding to the second message type, the second model being based on a second set of parameters, different from the first set of parameters, generated based at least in part on the previous behavioral data corresponding to the respective user;
determining a presentation order for the listing of message logs corresponding to the respective user based at least in part on the first listing priority, the second listing priority, and a prioritization preference of the respective user for two or more message types including at least the first message type and the second message type; and
presenting the listing of message logs corresponding to the respective user in the determined presentation order.

US Pat. No. 10,142,278

AUTOMATIC ANOMALY ALERTS FOR SCHEDULED POSTS

Adobe Systems Incorporate...

1. A computer-implemented method comprising:
receiving, by a processor and via a user interface, electronic content generated by a user and a scheduled posting time associated with the content;
storing, by the processor, the electronic content into a scheduled post queue as a scheduled post to publish at the scheduled posting time;
identifying, by the processor, at least one of a keyword and topic associated with the scheduled post;
receiving, by the processor, data from an external data source excluding the electronic content generated by the user;
detecting, by the processor, an anomaly in the scheduled post based on the data from the external source and the keyword or topic, the anomaly representing at least one of a deviation, inconsistency, and incongruity between the at least one keyword and topic associated with the scheduled post and the data from the external data source, wherein the anomaly is detected when a number of instances that the at least one keyword and topic deviates from the scheduled post exceeds a predetermined threshold;
classifying, by the processor, the anomaly into one of a supporting anomaly, an opposing anomaly, and a neutral anomaly based on additional information about the keyword or topic derived from the external data source;
generating, by the processor, an alert based on the classified anomaly, the alert including a hyperlink to the external data source, the hyperlink when selected causes the user interface to display the additional information about the keyword or topic associated with the scheduled post; and
causing, by the processor, the user interface to display the scheduled post and the alert including the hyperlink prior to publication of the scheduled post at the scheduled posting time.

US Pat. No. 10,142,277

POSTING AND CONSULTATION OF MESSAGES BY USERS OF SOCIAL NETWORKS

ORANGE, Paris (FR)

1. A method of processing a message posting request originating from a social network user, called posting user, comprising the following acts performed by at least one network entity:
receiving, by the at least one network entity, a request for posting of a message intended for at least one social network user, called addressee user, information associated to said message posting request comprising the message and a social network user identifier for each addressee user,
identifying, in said at least one network entity, at least one telephone line associated in a social network with a social network user identifier of an addressee user, in response to receiving the request for posting of the message,
posting, from said at least one network entity, said message in a phone network mailbox associated with the telephone line identified, the phone network mailbox being managed by a phone network messaging server of a phone network in which at least one terminal associated with the identified telephone line establishes telephone communications using the identified telephone line, and
dispatching, from said at least one network entity, through the phone network, a notification to the at least one terminal associated with the identified telephone line, the notification indicating that the message is available in the phone network mailbox associated with the telephone line identified and comprising a social network user identifier assigned to the posting user.

US Pat. No. 10,142,276

CONTEXTUALLY-BASED AUTOMATIC SERVICE OFFERINGS TO USERS OF MACHINE SYSTEM

1. A machine-implemented and contextually-sensitive, user-servicing method comprising:
(a) causing an automatically repeated collecting by an automated machine system of automatically updated first user state indicating signals, the machine system having one or more processors, where the automatically updated, collected first user state indicating signals are indicative of at least one of a recent or current state of a first user among a plurality of users of the automated machine system, the recent state being one that corresponds to at least one of: (a.1) a state that was present no more than one month before the current state; (a.2) a state that was present within a context-dependent temporal range defined by at least one of a currently active profile of the first user and a communal consensus node currently being touched by the first user; and (a.3) a state that was present within a temporal range defined by a current user setting, the communal consensus node being a system maintained linking node that links to system defined further resources in accordance with consensus of a community of users of the system and is touchable by way of direct or indirect access thereto by the first user;
(b1) causing an automatically repeated first determining by the automated machine system of one or more likely current or recent contextual states of the first user and of which subset of plural profiles of the first user are currently active profiles of the first user based on the collected, automatically updated first user state indicating signals, the one or more likely current or recent contextual states being a subset of a larger set of selectable contextual states defined and maintained by the automated machine system within a memory of the machine system, the subset of the determined to be currently active profiles being a subset having two or more of a larger set of selectable profiles of the first user that are maintained by the automated machine system;
(b2) causing the determined likely current or recent contextual states and the determined currently active profiles to be automatically repeatedly used as a feedback loop that can operate to assist in selecting of next active profiles and/or of next likely current or recent contextual states such that one or more current cognitive states of the first user can be determined with improved resolution;
(c) causing an automatically repeated second determining by the automated machine system of one or more currently likely to be welcomed or desired-by-the-first user servicings or tools or offerings or suggestions to be provided to the first user and/or a currently likely to be welcomed or desired-by-the-first user presentation format for presenting at least one of such servicings, tools, offerings or suggestions, said automatically repeated second determining being based on the automatically repeated first determinations of what are the one or more likely current or recent contextual states of the first user and being based on the automatically repeated first determinations of which subset of the plural profiles of the first user are the currently active profiles of the first user for respective ones of the likely current or recent contextual states of the first user; and
(d) causing an automatic providing to the first user and with contribution from the automated machine system of at least one of the servicings, tools, offerings and suggestions that have been determined by said second determining to be currently likely to be welcomed or desired by the first user;
wherein said automatically repeated first determining of which subset of the plural profiles of the first user are currently active profiles of the first user is based on a previous determining by the method of one or more likely current or recent contextual states of the first user;
wherein said automatically repeated first determining of the one or more likely current or recent contextual states of the first user is based on a current determination of which subset of the plural profiles of the first user are currently active profiles of the first user, such that said feedback loop is formed; and further wherein:
said larger set of selectable contextual states defined and maintained by the automated machine system are represented within the automated machine system as at least one of first points, nodes and sub-regions (first PNOS's) within a communally-controlled context space defined within the memory of the machine system, wherein members of at least one kind among the first PNOS's are hierarchically and/or spatial-wise organized within the context space in accordance with automatically repeatedly updated communal sentiments of plural users of the automated machine system and wherein the organized members of the at least one kind among the first PNOS's are logically linked so as to thereby be cross-associated, one relative to a next;
the automated machine system further maintains and automatically repeatedly updates as at least one of second points, nodes and sub-regions (second PNOS's) within a communally-controlled topic space defined within the memory of the machine system, a set of selectable topic definitions, wherein members of at least one kind among the second PNOS's are hierarchically and/or spatial-wise organized within the topic space in accordance with automatically repeatedly updated communal sentiments of plural users of the automated machine system and wherein the organized members of the at least one kind among the second PNOS's are logically linked so as to thereby be cross-associated, one relative to a next; wherein at least some of the organized members of the at least one kind among the second PNOS's are logically linked with at least some members of the first PNOS's so as to thereby define context-associated members among the second PNOS's;
the automated machine system further maintains and automatically repeatedly updates as at least one of third points, nodes and sub-regions (third PNOS's) within a communally-controlled additional space defined within the memory of the machine system, a set of selectable additional definitions, wherein members of at least one kind among the third PNOS's are hierarchically and/or spatial-wise organized within the additional space in accordance with automatically repeatedly updated communal sentiments of plural users of the automated machine system and wherein the organized members of the at least one kind among the third PNOS's are logically linked so as to thereby be cross-associated, one relative to a next; wherein at least some of the organized members of the at least one kind among the third PNOS's are logically linked with at least some members of the first PNOS's and/or of the second PNOS's so as to thereby define topic-associated members and/or context-associated members among the third PNOS's; and
the automatically repeatedly determined as likely to be currently welcomed or desired-by-the-first user servicings or tools or offerings or suggestions to be made to the first user and the corresponding automatic providing thereof to the first user include at least one of:
(d.1) suggestions of topics and/or forums to be investigated by the first user, which said suggestions can be immediately pursued by user activation of the provided said suggestions, the suggested topics and/or forums being derived from at least one of the communally-controlled topic space and the communally-controlled additional space of the automated machine system; and
(d.2) suggestions of individual users or groups of users for the first user to make contact with, which said suggestions can be immediately pursued by user activation of the provided said suggestions, wherein identities of the suggested individual users or groups of users are derived from links provided within at least one of the communally-controlled topic space and the communally-controlled additional space of the automated machine system.

US Pat. No. 10,142,275

SYSTEM AND METHOD FOR MANAGING MESSAGES BASED ON USER RANK

1. A method for managing electronic communications in a hierarchically ordered organization, which comprises:
providing an application for managing electronic communications, the application comprising one or more program modules, each module having a processor-executable instruction set
installing at least one of the program modules in each of a plurality of computing devices having each a processor and a non-transitory memory for storing and executing the instruction set, and distributing the plurality of devices to a plurality of users;
by the plurality of computing devices, associating each user and each device with a user identification and an organizational rank or position in a hierarchical reporting structure, the structure defining multiple levels including at least one manager and multiple subordinates;
by a first device, sending a message related to a task at hand to a list of addressees in the hierarchical reporting structure, the message having a message identifier;
by the first device, receiving responses from one or more responding users and displaying a summary sortable according to one or more response attributes associated with each responding user, the response attributes comprising a field that acknowledges the message, a user identifier field, a message identifier field referencing the task at hand, a status field as available or unavailable, a position or rank field, and an action field, wherein the one or more response attribute fields are populated with a value from the received responses; and,
further characterized in that the summary includes a location attribute for each responding user, the location information is acquired from each responding user, and is displayed on a map on the first device.

US Pat. No. 10,142,274

MESSAGE COMMUNICATION SYSTEMS AND APPLICATIONS WITH MESSAGE LIFETIME SETTINGS FOR AUTOMATIC MESSAGE DELETION

1. A computer implemented method for managing communication of messages between senders and recipients of messages, comprising,
receiving, at the one or more server computers, identification of a recipient for a message to be sent by a sender, the recipient being pre-identified for use of a lifetime setting, the lifetime setting defining a period of time after which the message will be automatically deleted;
providing, by the one or more server computers, a suggestion to apply the lifetime setting for sending the message based on said identification of the recipient for the message;
requesting, by the one or more server computers, acceptance of an agreement from the recipient that the message to be sent by the sender to the recipient will have the lifetime setting imposed;
determining, by the one or more server computers, whether the recipient has agreed to the lifetime setting;
sending, by the one or more server computers, the message to the recipient after confirming that the recipient agreed to the lifetime setting;
receiving, by the one or more server computers, an indication that the message has been opened by the recipient;
starting, by the one or more server computers, a timer to count down the period of time associated with the lifetime setting for the message; and
subsequently deleting, by the one or more server computers, the message after expiration of the timer, the deleting acting to remove the message on the one or more server computers and message interfaces provided by the one or more server computers to enable access to send and receive the message by the sender and the recipient.

US Pat. No. 10,142,273

HANDLING VARIOUS SCENARIOS WHERE AN EMAIL RECIPIENT IS NOT AVAILABLE

International Business Ma...

1. A computer system for generating reports, the computer system comprising:
one or more processors, one or more computer-readable memories, one or more computer-readable tangible storage medium, and program instructions stored on at least one of the one or more tangible storage medium for execution by at least one of the one or more processors via at least one of the one or more memories, wherein the computer system is capable of performing a method comprising:
receiving, by a simple message transfer protocol (SMTP) server, an electronic message associated with the online communication system, wherein the electronic message is addressed to a recipient from a sender;
identifying a recipient inbox within a recipient mail server using a plurality of directory information associated with the received electronic message, wherein the plurality of directory information is stored on the SMTP server associated with the online communication system, and also includes a plurality of alternate contact information for the recipient;
prior to attempting a transmission of the electronic message to the recipient mail server from the SMTP server, determining the identified recipient inbox satisfies at least one of a plurality of alternate contact criteria;
generating an SMTP response, after transmission and receipt of the electronic message in the SMTP server, that includes the plurality of alternate contact information for the recipient stored within the plurality of directory information on the server rather than transmitting the received electronic message to the identified recipient inbox or an alternate recipient; and
transmitting the SMTP response to the sender through a sender mail server based on the plurality of determined alternate contact criteria being satisfied.

US Pat. No. 10,142,272

PRESENTING BROWSER CONTENT BASED ON AN ONLINE COMMUNITY KNOWLEDGE

International Business Ma...

1. A computer-implemented method for customizing content having an informational topic provided in a web browsing experience, comprising:
extracting browsing behaviors of a plurality of members of an online community that share a common interest and associating the extracted browsing behaviors with the online community;
assigning a knowledge level value to each of the plurality of members based on respective extracted browsing behaviors;
assigning an average knowledge level value to the online community based on the knowledge level values of the plurality of members;
customizing the web browsing experience for each member of the online community based on the extracted browsing behaviors of the online community, wherein customizing the web browsing experience includes:
hiding, from a user, the content when the content is determined to have been frequently skipped by the members of the online community at a rate exceeding a predefined skip threshold, wherein the user is a member of the online community;
assigning a detail and technological depth level value to each section of the content and each of one or more recommended sources;
displaying, to the user, one or more sections of the content with a detail and technological depth level value that is commensurate with the average knowledge level value of the online community while hiding one or more sections of the content with a detail and technological depth level value that is not commensurate with the average knowledge level value of the online community; and
displaying, to the user, the one or more recommended sources with a detail and technological depth level value that is commensurate with a knowledge level value of the user, wherein the one or more recommended sources is related to the informational topic.

US Pat. No. 10,142,271

METHOD, DEVICE, AND SYSTEM FOR PROVIDING PRIVACY FOR COMMUNICATIONS

1. A method of outputting content of a message or communication session comprising:
setting a privacy indicator that is applicable to a first communication to be received by a communication terminal of an addressee of the first communication based on input received from a sender of the first communication such that a privacy indicator is included in a header of a message of the first communication to indicate that content of the first communication includes private information and should be output in accordance with a privacy setting identified by the privacy indicator in the header of the message prior to the first communication being sent to the communication terminal;
receiving, by the communication terminal, the first communication;
determining, by the communication terminal, that the privacy indicator applies to the received first communication based on the privacy indicator of the message;
outputting content of the first communication in accordance with the privacy setting identified by the privacy indicator via the communication terminal in response to determining that the privacy indicator applies to the received first communication;
wherein:
the addressee of the first communication is a user associated with the communication terminal, and
the outputting of content of the first communication in accordance with the privacy setting identified by the privacy indicator via the communication terminal in response to determining that the privacy indicator applies to the received first communication comprises:
determining, by the communication terminal, whether there is at least one person who is not the user associated with the communication terminal within a pre-specified distance of the communication terminal prior to the outputting of the content of the first communication such that an identification of the at least one person who is not the user associated with the communication terminal that is within the pre-specified distance is determinable by the communication terminal; and
(i) permitting output of content of the first communication audibly via at least one ear bud or a headphone device when the communication terminal is connected to the headphone device or at least one ear bud such that content is output via the at least one ear bud or the headphone device instead of a speaker of the communication terminal regardless of whether any person who is not the user associated with the communication terminal is determined to be within the pre-specified distance, and
upon determining that the headphone device is not connected to the communication terminal and the ear bud is not connected to the communication terminal and that a person who is not the user associated with the communication terminal is within the pre-specified distance:
identifying the at least one person who is not the user that is within the pre-specified distance;
(ii) permitting output of content of the first communication audibly in response to determining that no person who is identified within a first list is determined to be within the pre-specified distance of the communication terminal,
(iii) permitting output of content of the first communication audibly in response to determining that only one or more persons who are identified within a second list and who are not the user are determined to be within the pre-specified distance of the communication terminal,
(iv) permitting output of content of the first communication audibly at or below a pre-specified audible level via a speaker of the communication terminal in response to determining that there is at least one person who is not the user associated with the communication terminal within the pre-specified distance of the communication terminal and is not within the second list, and determining that the communication terminal is in a first position in which the speaker of the communication terminal is adjacent an ear of the user associated with the communication terminal, and
(v) permitting output of content of the first communication audibly in response to determining that no other person who is not the user associated with the communication terminal is determined to be within the pre-specified distance of the communication terminal, and
(vi) in response to determining that there is at least one person who is not the user associated with the communication terminal within the pre-specified distance of the communication terminal, that the headphone device is not connected to the communication terminal, the ear bud is not connected to the communication terminal, the communication terminal is not in the first position, and that the at least one person who is not the user associated with the communication terminal is not within the second list, deactivating audible outputting of content of the first communication.

US Pat. No. 10,142,270

TELECOMMUNICATION AND MULTIMEDIA MANAGEMENT METHOD AND APPARATUS

VOXER IP LLC, San Franci...

52. A video communication method, comprising:
arranging to provide an application to a sending communication device, the application enabling the sending communication device to:
(a) identify a recipient of a video communication;
(b) communicate the identifier identifying the recipient to a video communication system maintained on a network; and
(c) stream the video communication over the network to the video communication system;
receiving at the video communication system the identifier identifying the recipient of the video communication;
using, within the video communication system, the identifier to ascertain a delivery location on the network for a second communication device associated with the recipient;
receiving, at the video communication system, the video communication over the network from the sending communication device;
storing the video communication in a location accessible by the video communication system;
using the delivery location to deliver portions of the video communication over the network from the video communication system to the second communication device, the delivery enabling the video communication to be at least partially rendered at the second communication device while the video communication is streamed by the sending communication device,
wherein the video communication is received by the video communication system from the sending communication device without first establishing an end-to-end connection over the network between the sending and second communication devices.

US Pat. No. 10,142,269

METHODS AND SYSTEMS FOR COMMUNICATIONS PROCESSING

CALLWAVE COMMUNICATIONS, ...

1. A communications system, comprising:
a processing device;
a network interface;
non-transitory computer readable memory that stores program code that when executed by the processing device is configured to cause the system to at least:
provide a software program for download to a first computing device associated with a user;
enable delivery of a voice message, directed to the user, to the first computing device associated with the user, wherein the delivered voice message is playable to the user via a user interface of the software program;
enable the voice message to be played via a web browser of a second computing device associated with the user;
enable the user to send a textual reply message, via the web browser of the second computing device associated with the user, to an originator of the voice message without the user entering an address of the originator of the voice message; and
receive, via the network interface, a user voice message deletion instruction from the web browser of the second computing device associated with the user;
in response to the user voice message deletion instruction received from the web browser of the second computing device associated with the user, enable the voice message to be deleted from a user interface presented by the browser, and in cooperation with the software program on the first computing device associated with of the user, enable deletion of the voice message on the first computing device associated with the user.

US Pat. No. 10,142,268

MESSAGES AUGMENTED WITH STRUCTURED ENTITIES

Microsoft Technology Lice...

1. A computer-implemented method comprising:
receiving, via a computer system, a first message that is sent using a text communication protocol;
sending, via the computer system, indicia of the first message to a server;
sending, via the computer system, a request for the server to make a determination, based on the indicia, whether the server has a second message that corresponds to the first message, with the requested determination to be made based on a finding that a time at which the first message was received is within a range of a timestamp that the server associated with the second message;
receiving, via the computer system, the second message from the server, the second message comprising text and an entity, the first message comprising the text and a text representation of the entity; and
displaying, via the computer system, the text and the entity to a user without displaying the first message.

US Pat. No. 10,142,267

METHOD FOR TRACKING AND ROUTING FINANCIAL MESSAGES FOR MOBILE DEVICES

BOTTOMLINE TECHNOLOGIES (...

1. A financial messaging apparatus configured to encapsulate a financial message, the apparatus comprising:
a network interface configured to receive a financial message generated by a bank;
a non-transitory computer readable medium configured to store a rule database, wherein the rule database includes rules specifying actions to be added to financial messages based upon characteristics of the financial messages;
a processor configured to:
analyze the received financial message to identify at least one characteristic of the received financial message;
identify at least one rule in the rule database matching at least one of the at least one identified characteristics of the received financial message;
combine at least one action specified by the identified at least one rule with the financial message to form an encapsulated financial message; and
identify a user associated with the received financial message; and
the network interface further configured to transmit the encapsulated financial message to the identified user, wherein:
the action stored in the encapsulated financial message includes a routing rule specifying criteria for routing of the encapsulated financial message;
the routing rule specifies at least one prohibited location for routing the encapsulated financial message through;
the encapsulated financial message is prevented from being routed through the at least one prohibited location; and
the network interface does not transmit the encapsulated financial message through the at least one prohibited location.

US Pat. No. 10,142,266

METHOD AND SYSTEM FOR PROVIDING RECOMMENDATIONS DURING A CHAT SESSION

TENCENT TECHNOLOGY (SHENZ...

1. A method for providing recommendations of service providers, comprising:
at a server system having one or more processors and a memory:
processing instant messages transmitted during a chat session between a first user and at least a second user to obtain one or more keywords of a current conversation between the first user and at least the second user;
selecting at least one of the one or more keywords in accordance with a determination that the at least one keyword has remained relevant to the current conversation for at least a threshold time period;
in accordance with the selection of the at least one keyword:
determining respective geographic locations corresponding to the first user and the second user; and
identifying one or more service providers that are relevant to the at least one keyword, including a first subset of service providers that are located in proximity to a first geographic location corresponding to the first user and a second subset of service providers that are located in proximity to a second geographic location corresponding to the second user, the first subset of service providers being different from the second subset of service providers; and
providing the one or more service providers to the first and second users for display within a conversation interface displayed at respective end devices associated with the first and second users, the conversation interface displaying the current conversation between the first and second users during the chat session, wherein providing the one or more service provides to the first and second users includes:
providing the first subset of service providers that are located in proximity to the first geographic location corresponding to the first user for display within the conversation interface displayed at a first end device associated with the first user;
providing the second subset of service providers that are located in proximity to the second geographic location corresponding to the second user for display within the conversation interface displayed at a second end device associated with the second user;
providing a notification to the first end device regarding the provision of the second subset of the service providers to the second end device associated with the second user, wherein the notification causes the first device to display an indicator adjacent to an instant message received from the second user in the conversation interface displayed at the first end device; and
in response to a user selection of the indicator in the conversation interface displayed at the first end device, providing the respective second subset of the service providers for display in the conversation interface displayed at the first end device.

US Pat. No. 10,142,265

SERVER, METHOD, AND COMPUTER-READABLE STORAGE MEDIUM STORING A PROGRAM FOR PROVIDING VIDEO CHAT

1. A server for providing, to a user, a video chat with a specific user, comprising:
one or more computer processors, wherein the one or more computer processors execute readable instructions to perform:
causing, in response to a request from the user, a standby screen to be displayed on a terminal of the user, the standby screen being a screen for standing by for the video chat with the specific user and including user information of a plurality of users standing by for the video chat with the specific user; and
specifying, in accordance with a predetermined rule, one user from the plurality of users standing by, and causing communication for the video chat to be performed between a terminal of the specified user and a terminal of the one user from the plurality of users,
wherein causing the communication for the video chat to be performed includes causing the communication for the video chat to be performed within a video chat duration set based on a number of used items of reservation information necessary for a reservation for the video chat and specified by the user in making the reservation.

US Pat. No. 10,142,264

TECHNIQUES FOR INTEGRATION OF BLADE SWITCHES WITH PROGRAMMABLE FABRIC

CISCO TECHNOLOGY, INC., ...

1. A method comprising:
receiving at a top-of-rack (“TOR”) switch a notification concerning a virtual machine (“VM”), wherein the received notification identifies a host associated with the VM;
determining whether the identified host is directly connected to the TOR switch; and
if the identified host is not directly connected to the TOR switch:
identifying an intermediate switch to which the identified host is directly connected; and
determining whether the identified intermediate switch to which the identified host is directly attached is attached to the TOR switch.

US Pat. No. 10,142,263

PACKET DEDUPLICATION FOR NETWORK PACKET MONITORING IN VIRTUAL PROCESSING ENVIRONMENTS

Keysight Technologies Sin...

1. A method to capture network traffic, comprising:
communicating network traffic between applications operating within virtual processing environments within one or more host servers;
monitoring the network traffic between the applications using tap agents operating within the virtual processing environments within the one or more host servers;
for network packet flows communicated between any two applications being monitored by two tap agents:
determining which of the two tap agents is a designated agent to capture the network packets within the packet flows to avoid duplicate packet capture;
capturing the network packets using the designated agent; and
forwarding the captured network packets to one or more network destinations.

US Pat. No. 10,142,262

SYSTEM AND METHOD FOR IMPROVING AN AGGREGATED THROUGHPUT OF SIMULTANEOUS CONNECTIONS

ANCHORFREE INC., Redwood...

1. A method for increasing an aggregated throughput of multiple simultaneous transport connections between computers over a computer network, the method comprising:
maintaining, by a first computer, a first plurality of simultaneous connections to a second computer and a second plurality of simultaneous transport connections to a third computer;
receiving, by the first computer, a first group of one or more requests for a data delivery to the second computer over the first plurality of simultaneous transport connections with the second computer;
delivering, by the first computer, requested data corresponding to the first group of one or more requests such the delivery of data corresponding to each requests of the first group of one or more requests must be finished before delivering data corresponding to a subsequent request to the second computer;
receiving, by the first computer, a second group of one or more requests for data delivery to a third computer over a second plurality of simultaneous transport connections with the third computer;
delivering, by the first computer, requested data corresponding to the second group of one or more requests such that delivery of data corresponding to each request of the second group of one or more requests must be finished before delivering data corresponding to a subsequent request to the third computer;
setting, by the first computer, a first number of the first plurality of simultaneous transport connections that are used to deliver the requested data corresponding to the first group of one or more requests;
setting, by the first computer, a second number of the second plurality of simultaneous transport connections that are used to deliver the requested data corresponding to the second group of one or more requests;
detecting, by the first computer, a difference between one or more first parameters of the first plurality of simultaneous transport connections and one or more second parameters of the second plurality of simultaneous transport connections;
setting, by the first computer, the first number of the first plurality of simultaneous transport connections and the second number of the second plurality of simultaneous transport connections to be different according to the difference between the one or more first parameters and the one or more second parameters.

US Pat. No. 10,142,261

RESOURCE ALLOCATION FOR A STORAGE AREA NETWORK

INTERNATIONAL BUSINESS MA...

1. A method comprising:
measuring in a first length measurement, a length of a first communication link of a storage area network wherein the first length measurement is a function of a first minimum command response time of a command issued over the first communication link;
obtaining a current data units per second link speed of the first communication link;
calculating a first target resource allocation for a first port at a first end of the first communication link, and for a second port at a second end of the first communication link as a function of the current data units per second link speed of the first communication link and the first length measurement for the first communication link;
configuring a resource allocation for the first and second ports for the first communication link in accordance with the calculated first target resource allocation; and
measuring a length of a second communication link of a data path of the storage area network wherein the data path includes both the second communication link and the first communication link, wherein the measuring the length of the second communication link is a function of a second minimum command response time of a command issued over both the second communication link and the first communication link, less the first minimum command response time of a command issued over the first communication link.

US Pat. No. 10,142,260

INQUIRY-BASED ADAPTIVE PREDICTION

International Business Ma...

1. A computer-implemented method comprising:
predicting, by one or more processors, future utilization of a resource at a future point in time, the predicting comprising:
receiving, by the one or more processors, inquiries on potential future utilization of the resource for different future points in time, wherein each inquiry comprising a portion of the inquiries is received over an Internet;
recording, by the one or more processors, time-based patterns of the inquiries that are received to provide recorded time-based patterns of received inquiries;
recording, by the one or more processors, an historic actual utilization value of the resource to provide a recorded historic actual utilization value; and
determining, by the one or more processors, future utilization of the resource at a given future time using the recorded time-based patterns of received inquiries, the recorded historic actual utilization value of the resources, and a current inquiry pattern for the resource; and
performing, by the one or more processors, an action on the resource in advance of the given time, based on the determined future utilization, wherein the action is selected from the group consisting of a maintenance action, a preventative customer service action, digesting workload throttling of a database system comprising the resource, and optimizing the resource for future usage.

US Pat. No. 10,142,259

CONFLICT DETECTION AND RESOLUTION IN AN ABR NETWORK

ERICSSON AB, Stockholm (...

1. A method for managing conflict resolution in a customer premises disposed in an adaptive bitrate (ABR) streaming environment with respect to a subscriber bandwidth pipe serving a plurality of client devices of the customer premises of a subscriber, the method comprising:
receiving, at a network element, a request from a new ABR client for an ABR streaming session to be served via the subscriber bandwidth pipe of the customer premises that includes one or more existing ABR clients executing on at least a subset of the client devices, wherein each existing ABR client is engaged in a corresponding ongoing ABR streaming session via the subscriber bandwidth pipe;
determining, at the network element, a forecast of bandwidth requirements for the one or more existing ABR clients of the customer premises with respect to the corresponding ongoing ABR streaming sessions after accounting for a bandwidth requirement for the new ABR client's streaming session request, the determining based on modeling of bandwidth allocation of the subscriber bandwidth pipe serving the customer premises of the subscriber, using at least priority weights respectively associated with the one or more existing ABR streaming sessions via the subscriber bandwidth pipe and the requested ABR streaming session;
responsive to the determining, detecting a conflict if a forecasted bandwidth requirement of at least one of the existing ABR clients of the customer premises violates a bitrate threshold policy relative to the corresponding ongoing ABR streaming session of the at least one of the existing ABR clients of the subscriber's customer premises; and
if there is a conflict, providing a redirect message to the new ABR client for receiving a conflict notification that comprises a video-encoded still image of a message that the streaming session request from the new ABR client is being rejected on account of a bandwidth conflict in the customer premises, the message further indicating a total number of ongoing ABR streaming sessions in the customer premises.

US Pat. No. 10,142,258

METHODS AND APPARATUS FOR PROCESSING IN A NETWORK ON CHIP (NOC)

Advanced Micro Devices, I...

1. An integrated circuit comprising:
a network on chip (NOC) comprising:
a plurality of compute units (CUs) each comprising a processor having an instruction set and operable to delegate executable instructions intended for a respective CU processor; and
a plurality of NOC nodes, interconnected to the plurality of CUs, operative to route data among the plurality of CUs, and each comprising a processor having the same instruction set as the processor in each of the plurality of CUs and operative to execute instructions that are delegated from at least one of the plurality of CUs, using the NOC node processor.

US Pat. No. 10,142,257

DYNAMIC SCALING OF REDUNDANCY ELIMINATION MIDDLEBOXES

Alcatel Lucent, Boulogne...

1. A method for dynamic scaling of redundancy elimination middleboxes comprising an encoding middlebox and a decoding middlebox in a communication network, the method comprising:
determining a load of incoming data at the encoding middlebox in the communication network; and
modifying a number of encoder instances in the encoding middlebox and a number of decoder instances in a decoding middlebox based on the load of incoming data, the modifying including configuring a classifier to define a new class corresponding to each of one or more new encoder instances and modifying an ordered list of each of the encoder instances present in the encoding middlebox before addition of the one or more new encoder instances, the ordered list relating the new class to each of the encoder instances; and
handling failure recovery of at least one of the classifier, the encoder instances, the decoder instances, and a merger, the handling including recovering packet loss based on at least one of a decoder feedback, a transmission control packet sequence number, and a reliable transport.

US Pat. No. 10,142,256

TIME AND FREQUENCY ALLOCATION FOR CONCURRENT COMMUNICATIONS ON A SHARED COAXIAL CABLE

MaxLinear, Inc., Carlsba...

1. A system comprising:
circuitry comprising a processor and memory for use in a controller of a network comprising a plurality of devices connected via a shared coaxial cable, wherein:
the circuitry is operable to maintain one or more data structures that hold, for each sender-receiver pair of the plurality of devices that are directly connected to each other via the shared coaxial cable, at least:
one or more per-sender-receiver-pair link parameters other than device identity parameters, wherein the one or more per-sender-receiver-pair link parameters comprise:
a respective list of spectral characteristics for a plurality of frequencies; and
link parameters used for previous communications on the shared coaxial cable; and
per-sender-receiver-pair bandwidth grant status;
the circuitry is operable to, in response to receipt of a reservation request on the shared coaxial cable, decide which one or more of a plurality of subbands and which one or more of a plurality timeslots to reserve for a transmission based, at least in part, on the per-sender-receiver-pair link parameters and the per-sender-receiver-pair bandwidth grant status in the one or more data structures; and
generate a reservation grant message that indicates the decided one or more subbands and the decided one or more timeslots.

US Pat. No. 10,142,255

ALLOCATING DYNAMIC RESOURCES TO SERVICE CLUSTERS

Amazon Technologies, Inc....

1. A system, comprising:
one or more processors;
one or more computer-readable storage media comprising instructions that, upon execution by the one or more processors, configure the system to at least:
access a forecast for demand associated with utilizing a service during a time period, the service available from service sources grouped in clusters;
identify, from a database, resources scheduled to facilitate the service across the clusters during the time period, the resources associated with client devices that are communicatively coupled with the system over a data network;
allocate, at a first time, a resource from the resources to a first cluster from the clusters based at least in part on a scheduled start time for utilizing the resource during the time period, on the forecast for the demand, and on an allocation of remaining resources to the clusters, the resource associated with a client device and a client identifier;
update the database with an indication that the client identifier is allocated to the first cluster, the database associating the allocation and client identifiers;
provide, over the data network and prior to the start time for utilizing the resource, a first notification to the client device that the client identifier is allocated to the first cluster based at least in part on the database, the first notification causing a deployment of the resource to the first cluster;
re-allocate, at a subsequent time during the time period, the resource from the first cluster to a second cluster based at least in part on a current utilization of the resource in the first cluster, on an update to the forecast for the demand expected during a remainder of the time period, on the allocation of the remaining resources to the clusters, and on down time associating with re-allocating the resource;
update the database to indicate that the client identifier is re-allocated to the second cluster; and
provide, over the data network, a second notification to the client device that the client identifier is re-allocated to the second cluster based at least in part on the database, the second notification causing a re-deployment of the resource to the second cluster.

US Pat. No. 10,142,254

SERVICE CHAINING BASED ON LABELS IN CONTROL AND FORWARDING

CISCO TECHNOLOGY, INC., ...

1. A method for routing, comprising:
establishing an overlay network, comprising a plurality of network elements and an overlay controller, wherein the overlay controller is in communication with each network element via a secure tunnel established through an underlying transport network;
receiving, by the overlay controller, a first message from a first network element of the plurality of network elements, wherein the first message identifies a first service hosted at the first network element and a first label associated with the first service;
receiving, by the overlay controller, a second message from a second network element of the plurality of network elements, wherein the second message identifies a second service hosted at the second network element and a second label associated with the second service;
constructing, by the overlay controller, a policy defining a service chain that links the first service and the second service; and
pushing, by the overlay controller, the policy to a site so that traffic from the site including the first label is routed using the underlying transport network to the first network element hosting the first service and subsequently to the second network element hosting the second service.

US Pat. No. 10,142,253

METHOD FOR EFFICIENT RELIABLE TRANSMISSION

HFI Innovation INC., Hsi...

1. A method of reliable and efficient information exchange between a first and a second entity, the method comprising:
receiving data from the first entity by the second entity, wherein control information is received along with the data, and wherein the control information includes an indication as to what type of response is required;
determining if a response to the received data is required based on the received control information;
determining a response time during which the response is to be sent to the first entity; and
transmitting the response to the first entity before the expiration of the response time, wherein the control information includes a field that indicates if the response is required, wherein the field of the control information also indicates the response time, and wherein the field maps to a table that indicates if a response is requested and the response time.

US Pat. No. 10,142,252

SERVER INTELLIGENCE FOR NETWORK SPEED TESTING CONTROL

Verizon Patent and Licens...

1. A method, comprising:
receiving, at a network device from a client device, a request to perform a network speed test of a network connecting the client device and the network device;
conducting a trial test, involving data delivery between the network device and the client device, to determine an approximate capacity of the network;
selecting an optimum data size based on results of the trial test;
selecting a number of threads needed to saturate the network based on the results of the trial test; and
controlling conducting of the network speed test, using a control thread from the network device to the client device, wherein the network speed test utilizes the optimum data size and the selected number of threads.

US Pat. No. 10,142,251

CONTROL OF MAXIMUM TRANSMISSION UNIT SIZE DISCOVERY USING AT COMMANDS

HFI Innovation INC., Hsi...

1. A method, comprising:
receiving an Attention (AT) command by a mobile termination (MT) from a terminal equipment (TE) in a mobile communication network, wherein the AT command is related to maximum transmission unit (MTU) information of a packet data network (PDN) connection, and wherein the AT command is a set AT command initiated by the TE for setting a list of Packet Data Protocol (PDP) context parameters including an MTU discovery option;
discovering an MTU size of the PDN connection based on the MTU discovery option that indicates whether the TE prefers to discover the MTU size through Non-Access-Stratum (NAS) signaling; and
transmitting the MTU size from the MT to the TE.

US Pat. No. 10,142,250

MAXIMUM TRANSMISSION UNIT SIZE REPORTING USING AT COMMANDS

HFI Innovation INC., Hsi...

1. A method, comprising:
establishing a packet data network (PDN) connection by a terminal equipment (TE) in a mobile communication network;
transmitting an Attention (AT) command by the TE, wherein the AT command is related to maximum transmission unit (MTU) information of the PDN connection, and wherein the AT command is a set AT command initiated by the TE for setting a list of Packet Data Protocol (PDP) context parameters including an MTU discovery option that indicates whether the TE prefers to discover an MTU size through Non-Access-Stratum (NAS) signaling;
receiving the MTU size from a mobile termination (MT); and
processing application data associated with the PDN connection and generating IP packets based on the MTU size received from the MT.

US Pat. No. 10,142,249

METHOD AND APPARATUS FOR DETERMINING BUFFER STATUS OF USER EQUIPMENT

HUAWEI TECHNOLOGIES CO., ...

1. A method comprising:
acquiring media information of each transmission control protocol (TCP) packet sent to a user equipment (UE);
receiving an acknowledgment packet from the UE;
determining, according to the acknowledgment packet and the media information of each TCP packet, a media period of time during which data sent to the UE will be continuously played; and
setting a buffer size according to the media period of time during which data sent to the UE will be continuously played.

US Pat. No. 10,142,248

PACKET MIS-ORDERING PREVENTION IN SOURCE ROUTING HITLESS REROUTE USING INTER-PACKET DELAY AND PRECOMPENSATION

Huawei Technologies Co., ...

1. A method implemented by a network element (NE), comprising:
forwarding one or more initial packets in a packet flow from a source to a destination along an initial route having an initial route packet delay;
obtaining an updated route having an updated route packet delay less than the initial route packet delay; and
delaying transmission of a subsequent packet in the packet flow over the updated route by an amount of time determined in accordance with the initial route packet delay, the updated route packet delay, and an inter-packet delay when a path delay difference between the initial route packet delay and the updated route packet delay is greater than the inter-packet delay, the inter-packet delay being a delay between successive packets in the packet flow.

US Pat. No. 10,142,247

COMMUNICATION DEVICE, COMMUNICATION SYSTEM, COMMUNICATION METHOD, AND STORAGE MEDIUM STORING PROGRAM TRANSFERRING DATA USING A PLURALITY OF LINES

NEC CORPORATION, Minato-...

1. A communication device that transfers data using a plurality of lines, the communication device comprising:
a splitting unit that splits an inputted frame;
a distributing unit that distributes split frames based on output bandwidths of the plurality of lines; and
a transmitting unit that transmits the splitted distributed frames,
wherein the transmitting unit transmits to another device a control frame that includes an amount of transmission data transmitted from each line,
wherein the distributing unit distributes a frame to a line that has a largest remaining output weight, which indicates a ratio of a remaining amount of data that can be outputted through the line in every predetermined period to an amount of data that can be outputted per unit time, which is specified for each line as the output bandwidth,
wherein the distributing unit receives the control frame that has been transmitted by the other device in response to transmission of the control frame, and, if an amount of reception data received by the other device, the amount being included in the control frame, is smaller than the amount of transmission data, the distributing unit makes a setting so as to narrow an output bandwidth of a line through which the control frame has been transmitted and wherein the transmitting unit transmits a dummy frame equivalent to the remaining amount of data upon lapse of the predetermined period.

US Pat. No. 10,142,246

SYSTEMS AND METHODS FOR MANAGING A NETWORK

Comcast Cable Communicati...

1. A method comprising:
receiving a message at a boundary node via a first messaging protocol, wherein the message is configured for a second messaging protocol, wherein the second messaging protocol requires that a bit of the message be reserved;
determining that the reserved bit indicates congestion on a network for a class of service; and
responsive to the reserved bit indicating congestion, modifying a downstream data rate for the class of service.

US Pat. No. 10,142,245

APPARATUS AND METHOD FOR PARALLEL PROCESSING

ELECTRONICS AND TELECOMMU...

1. An apparatus for parallel processing comprising:
a queue memory configured to store one or more queues,
a data memory configured to store data,
a mapper configured to classify the data into flows and store a pointer of the data in a queue mapped with the flow;
a table provider configured to store a flow table comprising queue information mapped with flow information;
a plurality of processors configured to perform a process based on the data; and
a distributor configured to extract the data from the data memory by referring to the pointer stored in the queue and transmit the data to the processor,
wherein the distributor transmits data corresponding to a single queue to a single processor, and
wherein the mapper maps each of the flows with a new queue or an activated queue based on the number of pointers stored in each activated queue and a predetermined critical value when the activated queue is not mapped with the flow by referring to the flow table.

US Pat. No. 10,142,244

MODIFYING A PRIORITY FOR AT LEAST ONE FLOW CLASS OF AN APPLICATION ON A SOFTWARE DEFINED NETWORKING CONTROLLER

HEWLETT PACKARD ENTERPRIS...

9. A system for modifying a priority for at least one flow class of an application, the system comprising:
a registering engine to register flow classes for the application with a software defined networking (SDN) controller, wherein the flow classes comprise a description of flow modification rules and a priority at which the flow modification rules are to be installed at a switch;
a determining engine to determine, with the SDN controller, a priority for each of the flow classes based on other installed applications and network services on the SDN controller;
a sending engine to send a priority key associated with the priority from the SDN controller to the application;
a modifying engine to modify, based on an event, the priority for at least one of the flow classes of the application by mapping the priority key associated with the priority to a new priority value;
a receiving engine to receive, from the application, at least one flow modification rule using the priority key as the priority;
an obtaining engine to obtain at least one of the flow classes via the priority key; and
a validating engine to validate the at least one flow modification rule against registered parameters of the at least one of the flow classes of the application to determine a flow of traffic based on the priority.

US Pat. No. 10,142,243

SYSTEMS AND METHODS FOR QUALITY OF SERVICE REPRIORITIZATION OF COMPRESSED TRAFFIC

Citrix Systems, Inc., Fo...

1. A method for prioritizing data streams, the method comprising:
identifying, by a reprioritizer of a first intermediary device deployed between a first node and a second node, a first compression characteristic of a first packet in a first data stream, the first data stream having a first traffic priority level;
identifying, by the reprioritizer, a second compression characteristic of a second packet in a second data stream, the second data stream having a second traffic priority level less than the first traffic priority level;
increasing, by the reprioritizer, the second traffic priority level of the second data stream to greater than the first traffic priority level of the first data stream responsive to a comparison between the first compression characteristic and the second compression characteristic;
starting, by the reprioritizer, a timer based at least on the comparison between the first compression characteristic and the second compression characteristic; and
resetting, based on expiration of the timer maintained by the reprioritizer, the second traffic priority level of the second data stream to be less than the first traffic priority level of the first data stream.

US Pat. No. 10,142,242

NETWORK SUPPORT NODE TRAFFIC REDUCTION FOR SELF-ORGANIZING NETWORKS

T-Mobile USA, Inc., Bell...

1. A computing device comprising:
a processor;
a communication component in communication with an operations support system (OSS) node of an OSS network that is configured to support a self-organizing network (SON) telecommunication network; and
memory storing a message queue and a SON engine that, when operated by the processor, executes a plurality of SON tools,
wherein the SON engine is configured to perform operations comprising:
receiving OSS performance information from the OSS node indicative of performance of hardware or software component(s) of the OSS node;
placing a plurality of messages that are to be sent to the OSS node from the plurality of SON tools in the message queue;
determining that at least two messages in the message queue have different priorities based on priorities of the SON tools that originated the at least two messages or based on priorities of parameters associated with the at least two messages; and
limiting transmission of the plurality of messages in the message queue to the OSS node based at least in part on the OSS performance information and on the different priorities of the at least two messages.

US Pat. No. 10,142,240

METHOD AND SYSTEM FOR PERFORMING DIAGNOSTICS IN A GATEWAY DEVICE BASED ON MONITORING PARAMETERS

The DIRECTV Group, Inc., ...

1. A method of controlling a gateway device comprising a network processor, a first communication system, a second communication system, said first communication system and said second communication system transmitting and receiving network signals, said method comprising:
communicating first network signals between the network processor and the first communication system, said first network signals comprising first higher priority network signals and first lower priority network signals;
communicating second network signals between the network processor and the second communication system, said second network signals comprising second higher priority network signals and second lower priority network signals;
communicating a first congestion notification request signal from the network processor to the first communication system;
communicating a second congestion notification request signal from the network processor to the second communication system;
throttling or shaping first lower priority network signals at the first communication system in response to the first congestion notification signal to form first modified network signals to allow coordinated control of the first modified network signals;
throttling or shaping second lower priority network signals at the second communication system in response to the second congestion notification signal to form second modified network signals;
communicating the first modified network signals to a first user device; and
communicating the second modified network signals to a second user device.

US Pat. No. 10,142,239

SYNCHRONIZING MULTICAST STATE BETWEEN MULTI-HOMED ROUTERS IN AN ETHERNET VIRTUAL PRIVATE NETWORK

Juniper Networks, Inc., ...

1. A method comprising:
receiving, by a first provider edge (PE) router of a plurality of PE routers included in an Ethernet segment of an Ethernet Virtual Private Network (EVPN) and from a second PE router of the plurality of PE routers, a withdrawal of a Border Gateway Protocol (BGP) join synch route used to synchronize a join request for a multicast group across the Ethernet segment, wherein a customer edge (CE) router is multi-homed to the plurality of the PE routers over the Ethernet segment;
in response to receiving the withdrawal of the BGP join synch route, determining, by the first PE router, whether the withdrawal of the BGP join synch route is due to a multicast state timeout event at the second PE router or a disruption event at the second PE router;
upon determining that the withdrawal of the BGP join synch route is due to the disruption event at the second PE router, retaining, by the first PE router, a multicast state for the multicast group associated with the BGP join synch route, and forwarding, by the first PE router, multicast traffic of the multicast group toward at least one receiver connected to the CE router; and
upon determining that the withdrawal of the BGP join synch route is due to the multicast state timeout event at the second PE router, deleting, by the first PE router, the multicast state for the multicast group associated with the BGP join synch route, and stopping, by the first PE router, forwarding of the multicast traffic of the multicast group.

US Pat. No. 10,142,238

DYNAMIC NETWORK LOAD REGULATING DEVICE AND METHOD THEREFOR

NANNING FUGUI PRECISION I...

1. A dynamic network load regulating device, comprising:
a first network bridge;
a second network bridge, coupled to the first network bridge;
a third network bridge, coupled to the first network bridge and the second network bridge; and
a traffic monitoring module;
wherein the dynamic network load regulating device selects a root bridge, defines a root port according to a path cost and allocates bandwidth for the root port subject to an edge port;
when the first network bridge is selected as the root bridge, the second network bridge and the third network bridge are further coupled to a plurality of terminal devices, each of the network bridges comprises a plurality of ports, the traffic monitoring module is configured to monitor the plurality of ports traffic load; and
when a first data transmission path traffic load reaches a congestion threshold, the dynamic network load regulating device increases the first data transmission path cost to select a second data transmission path to transmit network data.

US Pat. No. 10,142,237

COMMUNICATION CONTROL METHOD AND SYSTEM

Intel IP Corporation, Sa...

1. A data flow control method for a communication device configured to communicate using a first radio access technology (RAT) and a second RAT, comprising:
detecting data flow congestion on a first communication link via the first RAT;
controlling the communication device to trigger a base station supporting a second communication link associated with the second RAT to perform one or more data flow operations based on the communication device's intention to enter a reduced power operating mode for communications via the first communication link; and
notifying the base station of the communication device's intention to enter the reduced power operating mode to trigger the base station to perform the one or more data flow operations, the notification triggering increased data buffering in an access point (AP) supporting the first communication link and associated with the base station, the increased data buffering triggering the base station to perform the one or more data flow control operations.

US Pat. No. 10,142,236

SYSTEMS AND METHODS FOR MANAGING A PACKET NETWORK

COMCAST CABLE COMMUNICATI...

1. A method comprising:
receiving a packet comprising delay information relating to a plurality of network points, wherein the delay information represents a sliding window delay measurement comprising a plurality of delay measurements determined over one or more time intervals, wherein each of the plurality of network points is associated with at least one delay measurement of the plurality of delay measurements;
comparing a first delay measurement of the plurality of delay measurements to a threshold, wherein the first delay measurement is associated with a network point of the plurality of network points selected at random; and
based on the first delay measurement exceeding the threshold, executing a congestion control process associated with the plurality of network points, wherein executing the congestion control process comprises modifying one or more of an ingress data rate and an egress data rate.

US Pat. No. 10,142,234

MEMORY PAGE INDEXING DATA STRUCTURE

NETAPP, INC., Sunnyvale,...

1. A method comprising:
providing, by a storage server, a plurality of sorted keys;
storing a first subset of the plurality of sorted keys on a first memory page, wherein the first subset of the plurality of sorted keys include a first bit prefix;
storing a second subset of the plurality of sorted keys on a second memory page, wherein the second subset of the plurality of sorted keys include a second bit prefix that is different than the first bit prefix;
constructing a trie representation that includes a first entry corresponding to the first memory page and a second entry corresponding to the second memory page, wherein a position of the first entry in the trie representation is determined based on a binary value of a bit of the first bit prefix, and wherein a position of the second entry in the representation is determined based on a binary value of a bit of the second bit prefix; and
traversing the trie representation, by the storage server, to access a record stored in the first memory page, wherein the record corresponds to a key having the first bit prefix.

US Pat. No. 10,142,233

APPARATUS FOR TRANSMITTING BROADCAST SIGNAL, APPARATUS FOR RECEIVING BROADCAST SIGNAL, METHOD FOR TRANSMITTING BROADCAST SIGNAL AND METHOD FOR RECEIVING BROADCAST SIGNAL

LG ELECTRONICS INC., Seo...

1. A method for transmitting a broadcast signal, the method comprising,:
generating, by a processor, service data of a broadcast service and service signaling information for signaling the service data, the service data including first service components delivered by using a Movie Picture Everts Group (MPEG) Media Transport Protocol (MMTP) and second service components delivered by using a Real-Time Object Delivery over Unidirectional Transport (ROUTE) protocol;
generating, by the processor, a service list table, the service list table including bootstrap information and protocol type information for the broadcast service,
wherein protocol type information indicates which one of the MMTP or the ROUTE protocol is used for delivering the service signaling information for the broadcast service, the bootstrap information identifies a transport session carrying the service signaling information for the broadcasts service, and the transport session identified by the bootstrap information has a transport protocol type indicated by the protocol type information;
generating, by the processor, a broadcast signal including the first and second service components, the service signal information, and the service list table; and
transmitting, by a broadcasting antenna, the generated broadcast signal through a broadcast network,
wherein when the protocol type information indicates that the service signaling information is delivered according to the MMTP, the service signaling information for the broadcast service is carried in an MMTP session identified by the bootstrap information, and
wherein the service signaling information carried in the MMTP session includes information used for accessing ROUTE sessions which deliver the second service components of the broadcast service based on the ROUTE protocol.

US Pat. No. 10,142,232

ROUTE SETTING METHOD AND TERMINAL DEVICE

HUAWEI TECHNOLOGIES CO., ...

1. A route setting method on a terminal device, comprising:
checking, with a processor, whether a newly connected secure element (SE) is an exclusive SE, the exclusive SE being an SE installed on a universal integrated circuit card (UICC);
checking, with the processor, whether setting a default routing entry is supported when the newly connected SE is a newly connected exclusive SE;
when setting a default routing entry is not supported:
writing, with the processor, a routing entry corresponding to the newly connected exclusive SE to a routing table to construct the routing table that comprises only the routing entry corresponding to the newly connected exclusive SE; and
deleting, with the processor, a routing entry corresponding to a host-card emulator (HCE) from the routing table and a routing entry corresponding to a non-exclusive SE from the routing table when the routing table comprises a routing entry whose target is the HCE; and
setting, with the processor, the newly connected exclusive SE as a default routing target SE when setting the default routing entry is supported to permit the UICC to be used as a secure environment on the terminal device.

US Pat. No. 10,142,231

TECHNOLOGIES FOR NETWORK I/O ACCESS

Intel Corporation, Santa...

1. A network computing device for non-uniform network input/output access acceleration, the network computing device comprising:
a plurality of non-uniform memory access (NUMA) nodes, wherein each of the NUMA nodes includes an allocated number of processor cores of a physical processor package of the network computing device and a local memory, and wherein the local memory defines a portion of a main memory of the network computing device allocated to a corresponding NUMA node; and
a multi-home network interface controller (NIC) to facilitate the ingress and egress of network packets via a network interfacing port of the multi-home NIC, wherein the network interfacing port is communicatively coupled to a logical switch of the multi-home NIC that is configured to route the network packets to one of the NUMA nodes via a corresponding one of a plurality of logical NICs that is communicatively coupled to the one of the NUMA nodes, wherein the logical switch is communicatively coupled to each of the plurality of logical NICs, wherein each of the plurality of logical NICs includes one or more queues to store at least a portion of the network packets received by the multi-home NIC, and wherein each of the plurality of logical NICs is directly linked to a respective one of the NUMA nodes.

US Pat. No. 10,142,230

METHOD AND APPARATUS FOR TRANSMITTING MESSAGES ASSOCIATED WITH INTERNET PROTOCOL VERSION 4 (IPV4) ADDRESSES ON AN INTERNET PROTOCOL VERSION 6 (IPV6) NETWORK

Vonage Business Inc., At...

1. A computer-implemented method for transmitting messages associated with IPv4 addresses on an IPv6 network, comprising:
receiving, in a first message from an IPv4 network, an IPv4 address of a component in the IPv4 network;
parsing the IPv4 address into a plurality of elements;
hashing the plurality of elements of the IPv4 address;
creating a new host name for the IPv4 address based on the hashed plurality of elements;
sending, to a domain name server (DNS) associated with the IPv6 network, a request to perform a DNS lookup of the host name;
responsive to the DNS lookup request, receiving an IPv6 address; and
processing the first message as if it were originally received with the IPv6 address.

US Pat. No. 10,142,229

CONCEALED DATAGRAM-BASED TUNNEL FOR REAL-TIME COMMUNICATIONS

ORACLE INTERNATIONAL CORP...

1. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to perform tunneling for real-time communications (RTC), the performing comprising:
establishing a datagram-based tunnel, over an Internet Protocol (IP) network that comprises security devices, between a tunneling client and a tunneling server, wherein the tunnel is configured to transport datagram based traffic and comprises a datagram-based outer transport protocol;
receiving a packet over the datagram-based tunnel at the tunneling server from the tunneling client, wherein the packet is configured according to the datagram-based outer transport protocol of the tunnel and includes a datagram-based payload and a stream-based header, wherein the packet has traversed the datagram-based tunnel; and
processing the packet according to the datagram-based outer transport protocol based on information in the stream-based header wherein the packet traverses the security devices;
wherein the datagram-based payload and the datagram-based outer transport protocol is in accordance with a User Datagram Protocol (UDP) or a Datagram Transport Layer Security (DTLS) protocol, and the stream-based header is in accordance with a transmission control protocol (TCP) header and the stream-based header comprises TCP fields that comprise a sequence number field, an acknowledgement number field, a code bits field, a window size field, a checksum field, an urgent field and a header length field, and the sequence number field, the acknowledgement number field, the code bits field, the window size field, and the urgent field are set to zero, and the header length field is set to 5.

US Pat. No. 10,142,228

DEVICE AND METHOD FOR RETRANSMITTING DATA IN A NETWORK SWITCH

1. In a communication network comprising a plurality of network domains, a method implemented by computer within a network switch for transmitting frames of data from a sender network domain to at least one receiver network domain, the network switch comprising at least a central memory, network receiver ports, and network sender ports, the method comprising the steps:
receiving on a network receiver port at least one incoming frame of data from a sender network domain, the incoming frame containing a header and applicational content;
identifying within the applicational content of the at least one incoming frame, each independent part corresponding to a different addressee network domain;
disassembling the applicational content to extract an item of data of each said independent part of the applicational content from the at least one incoming frame;
writing each said extracted item of data in a different memory area of the central memory of the network switch, the central memory having different memory areas assigned to the different addressee network domains;
waiting a respective time period, calculated a priori before said receiving of the at least one incoming frame of data, to allow accumulation of a certain number of data necessary for each respective addressee network domain, the time period being calculated to comply with end-to-end temporal constraints;
constructing an outgoing frame for each different addressee network domain after waiting the respective time period, wherein each of said outgoing frames comprising a header and an applicational content made of one or more item of data corresponding to the same addressee network domain, the one or more item of data for each applicational content being transferred from a same memory area of the central memory; and
dispatching each of said outgoing frames of data to a network sender port assigned to a respective addressee network domain by triggering a direct access memory request by direct memory controllers coupled to each respective network sender port.

US Pat. No. 10,142,227

BIT INDEXED EXPLICIT REPLICATION FOR DETERMINISTIC NETWORK DATA PLANE

CISCO TECHNOLOGY, INC., ...

1. A method comprising:
receiving, by a network device in a deterministic data network comprising deterministic segments having peer endpoint devices, a data packet comprising a packet header having a bit index generated by a controller, each bit in the bit index associated with a corresponding one of the deterministic segments;
the network device identifying, from the bit index, a first bit for a corresponding first deterministic segment and a second bit for a corresponding second deterministic segment, wherein the network device is a peer endpoint device for transmitting deterministic traffic into each of the first and second deterministic segments toward a corresponding peer endpoint device;
the network device selectively executing a replication operation of the data packet for transmission of a replicated data packet into each of the first and second deterministic segments, based on the network device detecting the corresponding first and second bits set for replication.

US Pat. No. 10,142,226

DIRECT NETWORK CONNECTIVITY WITH SCALABLE FORWARDING AND ROUTING FLEETS

Amazon Technologies, Inc....

1. A system, comprising:
a plurality of virtual routers implemented at one or more computing devices of a virtual routing fleet of a direct connectivity service of a provider network;
a plurality of forwarding engines implemented at one or more computing devices of a packet forwarding fleet of the direct connectivity service; and
a connectivity manager implemented at one or more computing devices of the direct connectivity service;
wherein a first virtual router of the virtual routing fleet includes instructions that when executed on a first computing device cause the first computing device to obtain, via a first session of a routing information exchange protocol with a first user-owned router of a first user of the direct connectivity service, one or more routing metadata entries;
wherein a first forwarding engine of the packet forwarding fleet includes instructions that when executed on a second computing device cause the second computing device to:
receive a first encapsulation packet from an edge router of the provider network, wherein the first encapsulation packet comprises a first baseline packet originating at a computing device of the first user and transmitted over a direct physical link to a first encapsulating device configured on behalf of the direct connectivity service, wherein the first encapsulating device is located at premises external to the provider network; and
forward, based on a set of routing metadata which includes the one or more routing metadata entries, the first baseline packet to a destination virtual machine of the first user within the provider network; and
wherein the connectivity manager includes instructions that when executed on a third computing device cause the third computing device to:
based on a first triggering condition, modify the number of forwarding engines established in the forwarding fleet; and
based on a second triggering condition, modify the number of virtual routers established in the virtual routing fleet.